Complaint filed against Lenovo over pre-installed Superfish adware
A complaint has been filed against Lenovo in the U.S. District Court for the Southern District of California for Lenovo’s admitted (pdf) preloading of Superfish adware on their customers’ computers.
Superfish injects product recommendations into search results and displays ads on otherwise legitimate pages. But, it also includes a universal self-signed certificate authority. This universal certificate authority allows man-in-the-middle attacks to inject ads even on secure encrypted (SSL) pages without triggering browser security warnings. Thus, making Lenovo laptops vulnerable to malware and malicious man-in-the-middle attacks. Additionally, Superfish adware uses memory resources and consumes bandwidth, affecting computer and network performance.
The Plaintiff, a blogger from San Diego, Jessica Bennett, alleges her laptop was damaged as a result of Lenovo’s pre-installation of Superfish on her laptop.
The complaint requests a jury trial and class action certification. The complaint charges both Lenovo and Superfish with violations of: The California Invasion of Privacy Act (CIPA); The Federal Electronic Communications Privacy Act (ECPA); Trespass to personal chattel under California common law; and “fraudulent” business practices under California’s Unfair Competition Law.
Discussion about this post