Lenovo CTO admits fault over Superfish software vulnerability
Lenovo’s chief technology officer has admitted the firm “messed up” by installing a piece of software on its laptops that leaves consumers vulnerable to attack.
The Chinese company has come under fire for shipping laptops with the Superfish adware, which analyses images users look at when browsing the web in order to push lower-priced products to them in the form of ads.
Because Superfish circumvents websites’ own SSL security certificates, it leaves consumers vulnerable to man-in-the-middle attacks. That could allow users’ bank details and other sensitive information to be harvested by third parties when they log on to web accounts.
“We messed up,” Lenovo CTO Peter Hortensius told Recode on Friday. “We should have known that going in that that was the case. We just flat-out missed it on this one, and did not appreciate the problem it was going to create.”
“We are taking our beating like we deserve on this issue,” he added.
Earlier this week the firm said it had stopped installing the software on its laptops and has provided instructions for disabling it, but had played down the security fears.
“We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns,” the Chinese company said in a statement earlier this week.
“We are not just curled up in a ball,” Hortensius said. “We are taking real action to make this right with our customers.”