NPR logo
Lenovo Sued Over Superfish Adware
  • Download
  • <iframe src="https://www.npr.org/player/embed/388901986/388901987" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
Lenovo Sued Over Superfish Adware

Business

Lenovo Sued Over Superfish Adware

Lenovo Sued Over Superfish Adware
  • Download
  • <iframe src="https://www.npr.org/player/embed/388901986/388901987" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

Renee Montagne talks to Jordan Robertson of Bloomberg News about computer maker Lenovo, which allowed controversial spyware to be embedded onto the operating systems of laptops sold in the U.S.

RENEE MONTAGNE, HOST:

We keep hearing about cyberattacks on Target, Sony and the insurer Anthem. Now a class-action lawsuit filed last week claims the world's biggest computer maker made things easier for hackers. The suit claims that last September, Lenovo started installing software on some of its notebooks to track shopping habits but in the process, created a gigantic security hole that could expose sensitive information. Lenovo told NPR it has stopped installing Superfish, but critics say a lot of users are still vulnerable. And for more, we contacted Jordan Robertson of Bloomberg News. Good morning.

JORDAN ROBERTSON: Good morning, Renee. Thanks for having me.

MONTAGNE: Let's start with the software that Lenovo has been installing. It's called Superfish. What exactly is it?

ROBERTSON: This was a technology that not a lot of people had heard of before this. And obviously, everyone's heard Lenovo, the biggest PC maker on the planet. They sell 60 million PCs a year. And at some point last year, Lenovo had decided to ink an agreement with this very small company called Superfish to pre-install this software. What the technology does is, you know, it looks at images that you're mousing over on your screen. And it recommends other images around the web that - if you're looking at a couch, let's say, it'll find another couch that might be cheaper than the one you're shopping for - on its own a pretty innocuous function.

MONTAGNE: Innocuous - although I must say rather irritating.

ROBERTSON: Irritating...

MONTAGNE: This is a couch they want you to see.

ROBERTSON: Yeah, it's irritating but on its own, not necessarily a security problem. But the way this technology displays those ads is a huge security problem because if somebody's sitting on the same network, it will be trivial to intercept every e-mail you type and every password you enter. And that's a big problem.

MONTAGNE: Why do you think Lenovo installed something that had such potential for cyberattack?

ROBERTSON: There are two answers to that. The first one is that Lenovo - we've talked to them extensively. They've done, you know, a very aggressive job of coming out and trying to fix this. What they say is, you know, we wanted to offer a service that would benefit our users. They received what they describe as a small payment from Superfish to pre-install this technology. And that's really the key here - is that companies like PC makers, mobile handset makers - they're looking for ways to squeeze any extra pennies they can. Anytime you buy a machine, whether it's a PC or a phone, you get all kinds of stuff you can't remove.

And if it's just bloatware and adware, that's one thing. But when it creates a security hole, and it's baked into the operating system - that's the thing here that Lenovo has done that has been jaw-dropping for some security experts. Lenovo absolutely knew what it was doing. They knew the modifications that they had to make to make the software work as it's supposed to. So to Lenovo's credit, they've partnered with Microsoft, they've partnered with Symantec and McAfee and other companies so that those programs will wipe Superfish from your computer. But there's a big catch there. And that's, you know, we've seen figures that - maybe, like, a third of all users actually get updates because updates are annoying. So Lenovo could do whatever it wants, but the cat's out of the bag.

MONTAGNE: Jordan Robertson reports on cybersecurity for Bloomberg News. Thank you very much for coming in.

ROBERTSON: Thank you for having me.

Copyright © 2015 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.