More lawyers swoop down on Lenovo, Superfish with class-action lawsuits in hand

Lenovo and adware maker Superfish came under more legal fire as two new lawsuits were filed in federal courts taking the firms to task for putting consumers at risk of hacker spying and information theft.

Lenovo and adware maker Superfish came under more legal fire yesterday as two new lawsuits were filed in California federal courts taking the firms to task for putting consumers at risk of hacker spying and information theft.

The two complaints - the second and third since the China-based computer OEM (original equipment manufacturer) admitted it had pre-loaded adware on its consumer PCs in the second half of 2014 - named both Lenovo and Superfish, and each lawsuit requested class-action status so that others could join the case.

Last week's first lawsuit covered much of the same ground as the two lodged Monday.

David Hunter of North Carolina, the plaintiff in one of the lawsuits, alleged that Lenovo and Superfish violated the US Electronic Communications Privacy Act and other laws, and asked that the court force the firms to surrender any revenue generated by the sale of consumers' browsing data and monies earned from the advertising produced by the adware.

Hunter said he bought a Lenovo Y50 laptop - one of dozens of models Lenovo said it had pre-installed Superfish on from September through December 2014 - via the OEM's website in October.

In the second complaint, filed by Sterling International Consulting Group (SICG) of Statesville, NC, Lenovo and Superfish were charged with breaking the U.S. Wiretapping Act, state and federal anti-fraud regulations and other laws.

Of the two new complaints, Hunter's was the more interesting as it relied not only on press reports about Superfish's vulnerability and Lenovo's actions both before and after last week's explosion of information, but also dug a bit deeper and offered insights into the adware's operation.

The complaint drew a line between Superfish and Komodia, the Israeli company whose technology the former used in its Visual Discovery adware to circumvent browser-to-server encryption, and whose self-signed certificate's password was easily cracked last week.

Hunter's lawyers brought up Komodia Redirector, Komodia's flagship product that the firm boasts "intercepts traffic on the local machine based on rules that you [the developer] define."

"Defendants' local proxy is their version of a product sold by non-party Komodia, which is marketed as a 'redirector product' ('Komodia Redirector')," stated Hunter's complaint. "The Komodia Redirector lets defendants 'redirect traffic' away from the user's intended recipient and 'to the proxy service. When a connection is made' by the user, the Komodia Redirector determines whether a specific communication 'should be intercepted' and then intercepts and reroutes the communications to the local proxy."

Security researcher Marc Rogers of CloudFlare, one of several experts who have investigated Lenovo's use of Superfish and the latter's behavior, called out the Komodia-made proxy for not properly implementing SSL (Secure Sockets Layer) -- the Web's encryption standard -- leaving PCs with the software open to tampering or eavesdropping, even if the certificate hadn't been junk.

"In one move, this software trashes the last decade of browser security and privacy work, and the last five years of SSL cipher management," Rogers argued in a Feb. 19 post to his personal blog.

Lenovo today declined to respond to the new lawsuits, with its head of corporate communications, Brion Tingler, saying, "We do not comment on pending legal matters," in an email.

Superfish did not reply to a request for comment.
