N.H. gets $56K settlement for adware that spied on owners of Lenovo laptops

  • Lenovo (logo above) denied wrongdoing in its statement agreeing to the settlement. Courtesy of NH Department of Transportation

Monitor staff
Published: 9/5/2017 11:29:05 PM

New Hampshire will receive more than $50,000 as the result of a settlement with the company Lenovo for selling laptops loaded with advertising software that could snoop on owners’ web surfing, which created a security hole that left the machines vulnerable to hackers.

The money is part of a $3.5 million settlement between Lenovo, a Chinese company, and the Federal Trade Commission. New Hampshire is one of 32 states that participated in the lawsuit.

The suit concerns software called Visual
Discovery from the company Superfish, installed on about 750,000 laptops sold in 2014 and 2015.

VisualDiscovery purportedly operated as a shopping assistant by delivering pop-up ads to consumers of products sold by Superfish retail partners whenever a customer’s mouse hovered over the image of a product on a shopping website.

A statement from the Attorney General’s Office describes the suit: “The states alleged that VisualDiscovery operated by acting as a local proxy, or ‘man in the middle,’ that stood between the consumer’s browser and all Internet Web sites that the user visited, including encrypted sites. ... Consumer information, including sensitive communications with encrypted Web sites, would be collected and transmitted to Superfish, the states allege.”

Further, it said, “the states alleged that VisualDiscovery created a security vulnerability that made consumers’ information susceptible to hackers in certain situations. The states allege that Lenovo’s failure to disclose the presence of VisualDiscovery on its computers, its failure to warn consumers that the software created a security vulnerability, and its inadequate opt-out procedure violated state consumer protection laws.”

Lenovo denied wrongdoing in its statement agreeing to the settlement.

The settlement also requires Lenovo to change its consumer disclosures about pre-installed advertising software and improve ways for consumers to opt out of such software. It must maintain “a software security compliance program: and undergo every-other-year assessments for 20 years about compliance with the security compliance program.”

The settlement is not final unless and until it is approved by a court. New Hampshire will receive $56,374.15, a figure based on estimated sales of the laptops in the state.

(David Brooks can be reached at 369-3313, dbrooks@cmonitor.com or on Twitter @GraniteGeek.)

David Brooks bio photo

David Brooks is a reporter and the writer of the sci/tech column Granite Geek and blog granitegeek.org, as well as moderator of Science Cafe Concord events. After obtaining a bachelor’s degree in mathematics he became a newspaperman, working in Virginia and Tennessee before spending 28 years at the Nashua Telegraph . He joined the Monitor in 2015.

Concord Monitor Office

1 Monitor Drive
Concord,NH 03301


© 2021 Concord Monitor
Terms & Conditions - Privacy Policy