Lenovo Group based in China, the largest PC maker in the world had virus-like software pre-installed on its laptops that made the device vulnerable to computer hacking said experts in cybersecurity on Thursday.
Users first reported as long ago as last June that Superfish a program pre-installed by the Lenovo group on laptops for consumers was nothing but adware, or software that displays advertising automatically.
Robert Graham the CEO at a security firm based in the U.S. called Errata Security, said that Superfish is a malicious software that is able to hijack and then throw open encrypted connections, which paves the way for hackers to commander the connections and to eavesdrop, in what is referred to an attack known as man in the middle.
A Lenovo administrator on its official forum said in January that Superfish was temporarily removed from its consumer computers. Lenovo executives did not make a comment on this report due to the current Chinese Lunar New Year holiday.
Graham as well as other security experts said Lenovo had been negligent and that computers were still vulnerable even after Superfish was uninstalled. The software throws the encryptions open by giving itself authority to take control of connections and declaring them as secure and trusted, even when they are not secure.
The way the software functionality works means that it must be intercepting traffic to insert the ads, which amounts to nothing more than a wiretap, said the security official.
Concerns over cybersecurity have hurt companies based in China including Huawei the telecom equipment makers over its ties to the government of China, as well as Xiaomi the maker of smartphones over data privacy.
Lenovo commanded 20% of the global personal computer market during the 2014 third quarter according to IC the data research firm.
