Lenovo users lawyer up over hole-filled, HTTPS-breaking Superfish adware

In the wake of last week’s Lenovo’s Superfish debacle, at least one person has filed a lawsuit against the computer manufacturer and its notorious software partner, and one class-action investigation has begun.

San Diego blogger Jessica Bennett filed a lawsuit in federal court last week, charging Lenovo and Superfish with violating state and federal wiretap laws, trespassing on personal property, and violating California’s unfair competition law. In addition to this, a Pennsylvania law firm put out a press release on Friday that asked Lenovo customers to participate in a class action lawsuit investigation regarding the presence of Superfish on their computers.

Lenovo found itself in hot water last week when researchers discovered that pre-installed adware from a company called Superfish was making users vulnerable to man-in-the-middle attacks. The adware installed self-signed root HTTPS certificates that made it easy for Superfish (as well as low-skilled hackers) to intercept users’ encrypted Web traffic.

Read 8 remaining paragraphs | Comments