Sign In

If You Bought a Lenovo Laptop Recently, You NEED to Read This

Pre-installed adware on Lenovo laptops has made users' personal information vulnerable. Find out if your model is affected, and how to properly fix the "Superfish" issue.
Published

Computer manufacturer Lenovo admitted this week not only that it had pre-installed adware on laptops, but that this software (which is called "Superfish") has made users' personal information vulnerable. Users are being urged to check to see if they are at risk, and to remove the adware if necessary.

If you've recently purchased a Lenovo laptop, you may have noticed that your brand-new PC had a tendency to display extra advertisements when you were searching the web or shopping online. If so, you saw Superfish at work. This application came pre-installed on certain Lenovo laptops sold between September and February 2015 in order to "help customers potentially discover interesting products while shopping."

Superfish Adware Issues a Security Certificate

Last month, Lenovo disabled the software from serving ads to users after receiving numerous customer complaints. But those customers may have more to worry about than annoying advertising pop-ups, because Superfish contains a potentially serious security flaw. In order to insert ads, the application has a security certificate on Lenovo systems which says the computer can trust it, even to look at web traffic that may be encrypted — like your online banking information.

Though Lenovo has stated that the application doesn't monitor your online behavior or record any data, giving an advertising program this level of access is a privacy concern, especially because Superfish itself is insecure and easily exploitable by hackers. Because every installation of Superfish is signed by the same private key, anyone with access to that key could potentially exploit Superfish to eavesdrop on your online activities, which would be easy to do on a public network you might find at a coffee shop. Worst of all is that even if you uninstall Superfish, the security certificate remains on your system to be potentially exploited. (The certificate can be removed as well, but it needs to be done manually, as noted below.)

Lenovo's chief technology officer, Peter Hortensius, admitted to the Wall Street Journal that the company didn't do enough due diligence in the case of Superfish. However, Hortensius also stressed that the security concerns are still only theoretical and that the company has "no insight that anything nefarious has occurred." Still, Lenovo issued a Security Advisory on Superfish listing the severity of the risk as "High."

Which Models Are Affected

We recommend checking your computer for Superfish if you purchased a laptop from Lenovo at the end of 2014 and early 2015. Models that may have come with Superfish pre-installed include:

  • G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45
  • U Series: U330P, U430P, U330Touch, U430Touch, U530Touch
  • Y Series: Y430P, Y40-70, Y50-70
  • Z Series: Z40-75, Z50-75, Z40-70, Z50-70
  • S Series: S310, S410, S40-70, S415, S415Touch, S20-30, S20-30Touch
  • Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 14(BTM), Flex2 15(BTM), Flex 10
  • MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11
  • YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11BTM, YOGA2-11HSW
  • E Series: E10-30

However, the easiest way to find out if you're affected by Superfish is to use LastPass's online Superfish check. If this tells you that you do have Superfish installed, you can uninstall the software and the certificates by following Lenovo's instructions. If these instructions are a little too complicated, Lenovo has promised that an uninstall tool is coming soon.

Have you been affected by Superfish? What are you doing about it? Let us know in the comments below.


Contributing Writer

Elizabeth is a professional writer and a non-professional technology enthusiast, with a keen interest in how tech is changing the world we live in.
DealNews may be compensated by companies mentioned in this article. Unless marked as a "Sponsored Deal," the opinions expressed here are those of the author and have not been reviewed or endorsed by the companies mentioned. Please note that, although prices sometimes fluctuate or expire unexpectedly, all products and deals mentioned in this feature were available at the lowest total price we could find at the time of publication (unless otherwise specified).
You might also like
Leave a comment!
or Register
6 comments
operationajax
Lenovo is a Chinese company with headquarters in Beijing, China....No can go bankruptcy... lol
mach5jeep
I've never purchased a Lenovo PC before but knowing they install adware on their PC's I can now guarantee I never will. They deserve nothing less than bankruptcy for this.
Ricochet-Rabbit
The phone calls are from scammers in 3rd world countries who randomly pick names out of a phone directory. They have no idea if you even own a computer.
Their whole mission is to get you to allow them full access to your computer using Window's Remote Desktop. Only an idiot would fall for this scam, and fortunately for scammers, the world is full of idiots.
jcauthorn
Nice to see you mentioning the LastPass checker - it has a lot of nice security features.
datdamonfoo
If you're getting actual phone calls from people, I'd be worried. Due a full system scan on your computer (I recommend MalwareBytes and Kaspersky's root kit scanner) as soon as you can...
cable305
I purchased a Dell Inspiron 7000 series several months back and I seem to get tons of advertisements cookies and calls from people claiming to be window reps informing me of viruses in my system. I know everyone is out to make a dollar but this unending barrage of snooping attempts to push you to shopping sites had gotten unbearable.
Enter to win $2,000