Lenovo Class Action Lawsuit: Is your Lenovo computer spying on you?

traverselegal - February 23, 2015 - Consumer Class Actions, Internet Law, Lenovo Class Action Attorney

Chinese computer manufacturer Lenovo Group Ltd was caught  the Superfish adware on Lenovo brand personal computers, causing class action lawyers to claim consumer fraud and invasion of privacy lawsuits.  The laptops affected by Superfish include non-ThinkPad models such as G Series, U Series, Y Series, Z Series, S Series, Flex, Miix, Yoga and E Series. Lenovo installed adware using a “man-in-the-middle” attack to break secure connections to access sensitive data and inject advertising. This included a very weak certificate into the system which compromises any secure connection to virtually any website.

The Superfish software Lenovo pre-loaded tracks user behavior and makes product recommendations.  The software has major security holes which subject Lenovo customers to malicious attacks which can access login information, credit card information and other private customer data. Lenovo began installing spyware/adware  in September 2014 and continued through January 2015.  Security researcher Marc Rogers of CloudFlare, called out the Komodia-made proxy for not properly implementing SSL (secure socket layer) — the Web’s encryption standard — leaving PCs with the software open to tampering or eavesdropping, even if the certificate hadn’t been junk. Software with this vulnerability goes beyond Lenovo computers and the class action lawsuits currently filed.

Feel free to contact one of our consumer class action attorneys today to learn more.

Is my Lenovo computer model affected? Here is the list published by Lenovo advising on its error the products affected on the Lenova website:

Summary:

This advisory only applies to Lenovo Notebook products.
(ThinkPad, ThinkCentre, Lenovo Desktop, ThinkStation, ThinkServer and System x products are not impacted.)

SuperFish was previously included on some consumer notebook products shipped between September 2014 and February 2015 to assist customers with discovering products similar to what they are viewing. However, user feedback was not positive, and we responded quickly and decisively:

  1. SuperFish has completely disabled server side interactions (since January) on all Lenovo products so that the software product is no longer active, effectively disabling SuperFish for all products in the market.
  2. Lenovo ordered the pre-load removal in January.
  3. We will not preload this software in the future.

Published reports have recently identified vulnerabilities in the software, which include installation of a self-signed root certificate in the local trusted CA store.

Affected Products:  SuperFish may have appeared on these Lenovo Notebook models:
E-Series:   E10-30
Flex-Series:  Flex2 14, Flex2 15, Flex2 14D, Flex2 15D, Flex2 Pro, Flex 10
G-Series :  G410, G510, G710, G40-30, G40-45, G40-70, G40-80, G50-50, G50-45, G50-70, G50-80, G50-80Touch
Miix-Series:   Miix2 – 8, Miix2 – 10, Miix2 – 11, Miix 3 – 1030
S-Series:  S310, S410, S415, S415 Touch, S435, S20-30, S20-30 Touch, S40-70
U-Series:   U330P, U430P, U330 Touch, U430 Touch, U540 Touch
Y-Series:   Y430P, Y40-70, Y40-80, Y50-70, Y70-70
Yoga-Series:   Yoga2-11, Yoga2-13, Yoga2Pro-13, Yoga3 Pro
Z-Series:   Z40-70, Z40-75, Z50-70, Z50-75, Z70-8

Frequently Asked Questions about the Lenovo class action.

  1. How do I know what Lenovo computers are affected by the Superfish maleware?  See the list of computer models affected above.
  2. How do I become part of a class action against Lenovo?  Contact one of our class action lawyers for more information about your legal rights against Lenovo for costumer fraud, breach of contract and invasion of privacy.
  3. What attorneys are handing the a class action against Lenovo?  There will be numerous lawyers and law firms involved in legal actions against Lenovo.  Traverse Legal class action attorneys can provide representation to you, help you understand your legal rights and protect your claims.
  4. How do I submit a claim against Lenovo?  You will become part of a class action and your claims will be preserved.

Here are two more software makers have been caught adding dangerous, Superfish-style spyware to applications. AV company Lavasoft and Comodo, a company that issues roughly one-third of the Internet’s Transport Layer Security certificates, making it the world’s biggest certificate authority.

GET IN Touch

We’re here to field your questions and concerns. If you are a company able to pay a reasonable legal fee each month, please contact us today.