The revelation that Lenovo has loaded harmful adware onto some of its laptops has sparked a discussion about whether marketing tech has crossed a line. Lenovo’s customers have been complaining for months about a program that puts product plugs in search results.
The software that enables these ads is called Superfish and came preinstalled on some of Lenovo’s laptops. While the marketing itself was annoying for customers, it turns out the adware was also dangerous.
A security researcher at Errata Security discovered that he could extract the computer’s security certificate along with the private key needed to decrypt web communications. As a result he was able to post up at a coffee shop with free Wi-Fi and view the activity of anyone with an infected Lenovo computer.
“It’s not just bad what they’ve done, it’s certainly questionable to begin with, but they’ve subverted the way SSL works and they’ve done it in a way that other people can exploit,” said Joe Siegrist, CEO of security firm LastPass. In the wake of Superfish’s unveiling, LastPass has launched a website that will let Lenovo users know whether they’re infected and if so, steps they can take to remove Superfish.
Siegrist says this isn’t the first time that marketing tech has made consumers vulnerable to hackers. Back in 2005, security experts realized Sony music CDs automatically downloaded a rootkit on computers, without the user’s consent, as a digital rights management tool. But the software also opened up a huge access security vulnerability, hackers could get onto your system and you wouldn’t know it.