Lenovo fined US$3.5 million for pre-installing adware on some laptops in 2015
In 2015, Lenovo got themselves in hot water when pre-installed software on some of their laptops was classified as adware. The adware, called 'VisualDiscovery,' was meant to analyze what users were viewing on the web and then created a pop-up advert of similar products.
This distraction was bad enough for most people to complain about it, but it got even worse when the software was found to be performing a man-in-the-middle attack, which means that it was intercepting traffic by using itself as a relay. This practice meant that it was compromising security — even on secure connections — and it wasn’t long until a security researcher showed how it could potentially be used to spy on encrypted communication. Lenovo followed up by releasing a tool to uninstall the software properly.
The aftermath resulted in Lenovo being taken to court in the United States, with the announcement of a settlement a few hours ago stating that Lenovo must pay out US$3.5 million to a 32-state coalition. This amount is tiny for a company the size of Lenovo, but the message it sends to manufacturers about the care needed around pre-installed software is where the value lies. In addition, Lenovo was required to implement a software security program for software installed on their laptops for the next 20 years (in the US). Lenovo is also prohibited from misrepresenting the features of pre-installed software that could inject advertising or transmit user data to third parties.
Lenovo has never agreed that the software was performing a man-in-the-middle-attack or that it was compromising user’s security.