After a two-and-a-half-year lawsuit, the Federal Trade Commission (FTC) has settled its lawsuit against Lenovo for the Chinese company’s pre-installation of dangerous adware in around 750,000 of its PCs in the US between September 2014 and January 2015. Lenovo will pay up $3.5m (£2.7m).
The so-called ‘man-in-the-middle’ software program called VisualDiscovery, developed by a company called Superfish, delivered pop-up ads from Lenovo’s retail partners whenever a user hovered their cursor over a similar product on a website.
The problem with the program was that it had security vulnerabilities that could easily be exploited by hackers, leaving users open to having their personal information stolen. However, Lenovo says it is not aware of anybody taking advantage of the vulnerability.
“Lenovo compromised consumers’ privacy when it preloaded software that could access consumers’ sensitive information without adequate notice or consent to its use,” said Maureen K. Ohlhausen, acting FTC chairman. “This conduct is even more serious because the software compromised online security protections that consumers rely on.”
As part of the settlement, Lenovo will now have to let consumers know of any software that is preloaded on their devices, and receive consent from these consumers before pre-installing this software. Furthermore, the company must implement a security program for software on its products, which will be audited by third-parties.
In a statement, Lenovo said: “Subsequent to this incident, Lenovo introduced both a policy to limit the amount of pre-installed software it loads on its PCs, and comprehensive security and privacy review processes, actions which are largely consistent with the actions we agreed to take in the settlements announced today.”