24 February 2015

Lenovo devices shipped with dangerous adware

Until Superfish fix, Lenovo devices can't be trusted for secure work

Summary: Enterprise customers are said not to be affected, but millions of consumers and bring-your-own-device users are likely using compromised machines.

By Zack Whittaker | February 19, 2015 in ZDNet

Millions of Lenovo machines potentially at risk from Superfish adware (Image: CNET/CBS Interactive)
Millions of Lenovo owners are being warned to not use their desktops and laptops for "any kind of secure transaction," amid concerns that the company installed adware on their machines.

Lenovo-branded devices sold between September 2014 and January 2015 through consumer online and retail stores, like Best Buy and Amazon.com, are likely affected by the Superfish adware, which hijacks secure internet traffic.

Defcon security chief and security researcher Marc Rogers, who detailed the scope and scale of the adware problem on his blog, told ZDNet that consumers should immediately check to see if their machines are affected.

"If they are affected, they should not use their laptop for any kind of secure transactions until they are able to confirm [the adware] has been removed," he said.

As many as 16 million Lenovo desktops and notebooks shipped in the fourth calendar quarter, according to recent IDC figures and Gartner figures.

Enterprise owners, who bought the device through a business channel, are said not to be affected.