About two and a half years ago, Lenovo was brought under fire for manufacturing products that had adware preinstalled on them. This malware, a variant called Superfish, was installed on up to 750,000 Lenovo devices, and the company--eager to put this incident behind them--still refuses to admit fault, despite paying reparations and other fees as a result. Superfish allowed access to sensitive information and a root certificate, which could be used to access encrypted data on the same network. All in all, it was a rather embarrassing and dangerous scenario for Lenovo, and it comes with its fair share of consequences.
The Federal Trade Commission has finally declared a sentence for Lenovo, following this debacle. Lenovo must now notify all of their customers about the software that is preinstalled on any purchased devices, and retrieve the user’s consent. Furthermore, the company must allow security audits for the next 20 years, as well as pay $3.5 million in penalties and reparations. However, Lenovo continues to deny any fault in the matter, claiming that there are no instances of a third party actually exploiting this vulnerability to gain access to sensitive information or root access. These consequences feel like a slap in the face for those who felt wronged by Lenovo, but it’s better than nothing.
In the meantime, you need to make sure that your devices aren’t preloaded with Superfish--especially if you bought a device before 2014 and haven’t gone through the Superfish removal process. Furthermore, you should always be careful when buying new devices or technology, particularly if the devices are used. However, this incident shows that even brand new devices can potentially contain flaws, so it’s best to reach out to your IT provider, should you have any questions regarding the integrity of any technology purchases.
Directive can provide your business with a network audit to determine just what kinds of security vulnerabilities you’re dealing with. We can then implement solutions to keep your business secure. Furthermore, we can remote into your devices and remove any issues that we encounter without an on-site visit.
Do you need a hand with network security? Directive has got you covered. To learn more about how we can help your business, reach out to us at 607.433.2200.