Lenovo, the Chinese computer manufacturer that is already a multi-national allowed a Silicon Valley based company called Superfish to secretly embed a spyware or its defender called Adware with the purpose of collecting data for commercial advertising, as reported in New York Times. A spyware planted by the manufacturer could not be rooted out by any anti-viral software nor can it be detected because most anti-viruses work on the main operating system and not the firmware that comes with the machine’s hardware.
The spyware or adware, whichever serve the purposes of the beneficiary was not communicated to the buyers of the computer and was stumbled upon by a buyer, Peter Horne, who is a computer security expert that bought a Lenovo Yoga2 Notepad when he was in Sydney. “If they can do that, they can do anything,” said Peter Horne, the technology expert who first discovered the spyware in Lenovo’s products.
According to him, the consequence can be ominous because a spyware planted into the computer itself can compromise anything without being detected by any anti-viral software and theoretically can steal your password and compromise your computer just like the authorized user himself.
It can be even more ominous when one conceives that a syndicate of hackers could work in conjunction with a computer manufacturer to plant a spyware inside your computer, compromising all your passwords and encryption and emptying all the cash in your bank account. In a statement issued on Thursday, Lenovo said it had included Superfish in some consumer notebooks shipped between September and December “to help customers potentially discover interesting products while shopping.”
Citing bad user reviews, the company said it had stopped including the adware in January, the same month Mr. Horne brought the issue to the company’s attention (and never received a response).
“The problem is: What can we trust?” Mr. Horne said. “People trust software, then learn it gets compromised. We trust hardware and firmware, until you learn it’s been compromised with adware. We trust the actual box, until we learn it’s been taken into a little room somewhere.”
By partnering with Superfish, Mr. Horne said, “Lenovo is either extraordinarily stupid or covering up. Either is an offense to me.”
Microsoft is now working to root out all Superfish adware from its operating system.