Superfish Adware Poses High Security Threat to Lenovo Users

Gibbs Law Group has filed a class action lawsuit on behalf of purchasers of Lenovo computers alleging that the Chinese company and Superfish violated privacy and other laws concerning computer fraud and stored communications by selling computers to consumers that were equipped with preinstalled VisualDiscovery spyware. According to the complaint, Superfish’s “VisualDiscovery performs advertisement injection services,” or the placement of advertisements on both encrypted and unencrypted websites that Lenovo users access. The complaint alleges that “when Lenovo PC users attempt to access either an unencrypted website or an encrypted website, VisualDiscovery intercepts and scans Plaintiffs’ and Class members’ private data in order to inject targeted advertisements.”

In doing so, Superfish’s VisualDiscovery alters Lenovo users’ search results to show different ads and tampers with the computer’s security, making the computer susceptible to hackers snooping through the users’ browser traffic—regardless of the browser being used.

After filing the lawsuit, Gibbs Law Group was appointed by the Court as Interim Co-Lead Counsel in the case.

Own a Lenovo computer?

If you own a Lenovo computer, your private data may be at risk. Speak to our consumer protection attorneys to learn about your rights by calling toll-free (866) 981-4800.

U.S. Dept. of Homeland Security: Superfish introduces ‘critical vulnerability’

According to New York based software engineer David Auerbach of

By installing a single self-signed root certificate [malware and adware SuperFish] across all of Lenovo’s affected machines, Superfish intentionally pokes a gigantic hole into your browser security and allows anyone on your Wi-Fi network to hijack your browser silently and collect your bank credentials, passwords, and anything else you might conceivably type there.

In addition, Auerbach notes that Errata Security’s Robert Graham has stated that this type of installation leaves consumers’ data extremely vulnerable and at risk. For example, a person using a café hotspot can intercept the information of SuperFish’s victims (i.e. anyone with one of an infected Lenovo computer on that café hotspot). Even the U.S. Department of Homeland Security has intervened, stating that the SuperFish software introduces a “critical vulnerability,” and has since issued their own instructions for the removal of this type of spyware.

Lenovo lists 43 different models as affected by Superfish

According to Lenovo, the following computer models may be equipped with Superfish VisualDiscovery spyware:

  • G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45
  • U Series: U330P, U430P, U330Touch, U430Touch, U530Touch
  • Y Series: Y430P, Y40-70, Y50-70
  • Z Series: Z40-75, Z50-75, Z40-70, Z50-70
  • S Series: S310, S410, S40-70, S415, S415Touch, S20-30, S20-30Touch
  • Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 14(BTM), Flex2 15(BTM), Flex 10
  • MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11
  • YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11BTM, YOGA2-11HSW
  • E Series: E10-30

Our experience with malware and privacy lawsuits

This latest breach of the consumers trust brings up painful memories of the Sony DRM rootkit scandal of 2005 where Sony, unknowingly to the consumers, automatically installed malware that could be high-jacked by another hacker. The attorneys at our firm were instrumental in the settlement in the litigation action against SONY BMG Music Entertainment, SunnComm International, Inc. and First 4 Internet, Ltd.

In addition, our attorneys have represented numerous individuals who have been victims of data and privacy breaches involving companies such as Certegy Check Services, Home Depot, Target, Adobe, Health Net, Anthem, and IBM. We are currently investigating the Premera Blue Cross cyberattack. If you own or know someone who owns one of these Lenovo computers, contact a privacy attorney at Gibbs Law Group by calling (866) 981-4800. You can also complete and submit our confidential inquiry form on the right side of this page.