Lenovo has a settlement with the US Federal Trade Commission (FTC) because of the delivery of SuperFish adware on consumer laptops. This adware appeared to intercept SSL connections so ads could be injected.
The SuperFish adware was discovered on Lenovo laptops in February 2015. This adware proved to be pre-installed on the systems by default without the customer being informed. The adware used its own root certificate, which made it possible to intercept SSL connections so ads could be injected.
The company previously met measures to reassure customers. Thus, a tool was made available to allow customers to remove the SuperFish adware from their laptops and gave the company users a free 6 month subscription for McAfee Security Software.
Now, the company is facing a settlement with the FTC, which launched an investigation into Lenovo’s process. The company has to pay 3.5 million dollars to the FTC. Lenovo also obliges customers to explicitly request permission before such software is installed on their systems. In the next 20 years, the company must implement a software security program for most software preinstalled on laptops. This program must be reviewed by a third party.