YouTube video
Attorney General George Jepsen announced Monday that he is launching an inquiry into Lenovo’s installation of potentially exploitable adware called “Superfish” onto consumer PCs.

The adware, which came pre-installed on many recent Lenovo consumer PCs, monitored the user’s web browser and inserted ads that were related to the content being browsed. Most troubling was that the adware decrypted secure communications from e-commerce and banking websites and passed that content back to the Superfish web servers for analysis without the user’s knowledge. It did this through what’s called a “man in the middle” attack where a security certificate installed on the Lenovo PC tricked the PC’s browser (and its user) into thinking it was on a secured connection.

“It’s extremely concerning that, based on published reports, Lenovo installed this software — which appears to have no meaningful benefit to the consumer — on devices without the purchaser’s knowledge,” Attorney General Jepsen said.

It didn’t take long for security researchers to break Superfish’s own encryption and demonstrate the means by which the Superfish software could be exploited to leak information to third parties.

“After consultation with technical experts, I have opened an investigation and asked both Lenovo and Superfish to provide information in order for me to determine if they have violated Connecticut’s laws prohibiting unfair and deceptive trade practices,” Jepsen added.

“The goal was to improve the shopping experience using [Superfish’s] visual discovery techniques,” Lenovo initially said in a statement. Lenovo Chief Technical Officer Peter Hortensius later told tech news site Re/code, “We messed up.”

Pre-installed “junkware” is nothing new to Windows PCs, especially on less expensive devices. Manufacturers often offset the cost of hardware by charging software makers and websites to have items preinstalled on mass market PCs. Microsoft launched their “Signature Edition” program to offer PCs from major manufacturers (including Lenovo) that are guaranteed to be free of preinstalled clutter. But those PCs often come at a higher price.

Lenovo has posted an automatic removal tool on their website for uninstalling Superfish. Here is an easy link to that tool:

Simply uninstalling the software through the Windows control panel won’t remove the security certificate vulnerability, so it’s important to use the Lenovo tool to properly remove it from the system. Lenovo says they installed the software on the following consumer PCs and laptops:

• G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45, G40-80
• U Series: U330P, U430P, U330Touch, U430Touch, U530Touch
• Y Series: Y430P, Y40-70, Y50-70, Y40-80, Y70-70
• Z Series: Z40-75, Z50-75, Z40-70, Z50-70, Z70-80
• S Series: S310, S410, S40-70, S415, S415Touch, S435, S20-30, S20-30Touch
• Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 Pro, Flex 10
• MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11, MIIX 3 1030
• YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11, YOGA3 Pro
• E Series: E10-30
• Edge Series: Lenovo Edge 15

Lon Seidman is the host and producer of “Lon.TV,” a consumer technology video show that is on a number of platforms including YouTube and Amazon. He creates in-depth, consumer-friendly product reviews and commentary. His YouTube channel has over 300,000 subscribers and more than 100 million views.

In addition to being a full-time content creator, Lon is an adjunct faculty member at the University of Hartford (his alma mater) where he teaches a course in entrepreneurial content creation.

Prior to becoming a full-time creator, Lon was a partner at The Safety Zone, his family’s business that manufactures gloves and safety equipment. The company has locations around the globe and employs over 200 people worldwide. The Safety Zone was acquired by the Genuine Parts Corporation in 2016.

Lon is also active in public service, serving as the Chairman of the Essex Board of Education, a member of the Region 4 Board of Education, and as the Secretary / Treasurer of the Connecticut Association of Boards of Education. He was endorsed by both Democrats and Republicans for his re-election in 2021.

The views, opinions, positions, or strategies expressed by the author are theirs alone, and do not necessarily reflect the views, opinions, or positions of