- A+
The company faced a collective demand in which it was stated that users' privacy had been compromised该公司面临集体需求,其中声称用户的隐私受到了损害
Lenovo, thought to be a reliable technology and computer equipment manufacturing company, hogged the attention of the cybersecurity community in 2015, thanks to several digital forensics specialists who announced that 750k laptops manufactured by the company had preinstalled in its system an adware called VisualDiscovery , developed by the company Superfish .联想被认为是一家可靠的技术和计算机设备制造公司,由于一些数字取证专家宣布该公司生产的750k笔记本电脑已在其系统中预装了一个名为VisualDiscovery的广告软件,该公司在2015年引起了网络安全社区的关注。由Superfish公司提供。
According to experts in digital forensics from the International Institute of Cyber Security, this adware played a fundamental role in compromising the security measures of online use of the machines where it was installed, accessing financial information from the user and making variants of the attack known as Man-in-the-Middle in private connections, thanks to which an attacker could have gained access to the machine system to spy on the users' encrypted communications.根据国际网络安全研究所的数字取证专家的说法,这种广告软件在危害安装机器在线使用的安全措施,从用户访问财务信息以及将攻击的变种称为私人连接中的中间人 ,由于攻击者可以访问机器系统来监视用户的加密通信。
The United States District Court of the Northern District of California granted the initial approval of the agreement on November 21, four months after Lenovo and the consumers filed before the tribunal to end the action against spyware installed on the laptops.美国加利福尼亚州北区地方法院于11月21日批准该协议的初步批准,此前联想和消费者向法庭提起诉讼以结束对笔记本电脑上安装的间谍软件的诉讼四个月。
After the collective lawsuit, Lenovo reached an agreement to pay $7.3M USD to customers who found adware preinstalled on their devices, jeopardizing their privacy.在集体诉讼之后,联想达成协议,向发现其设备上预装广告软件的客户支付730万美元,从而危及他们的隐私。
During the time that this practice was made public, Lenovo dedicated itself to deny the accusations, as well as claimed to be unaware that some third party had exploited some of its applications.在这种做法被公开的时候, 联想致力于否认这些指控,并声称不知道某些第三方利用了它的一些应用程序。 In addition, the company claims that since 2015 had stopped selling Superfish software with its equipment.此外,该公司声称自2015年以来已停止销售带有设备的Superfish软件。
“While Lenovo has never been in agreement with the allegations contained in the collective lawsuit, the company is glad to finally close this case which has taken more than two years of legal proceedings. “虽然联想从未与集体诉讼中的指控达成一致,但该公司很高兴最终结束此案,该案件已经进行了两年多的法律诉讼。 To date Lenovo is not aware of a single case in which a third party has been able to exploit a vulnerability to gain access to user communications,” the company statement mentions.迄今为止,联想尚未发现第三方能够利用漏洞获取用户通信的单一案例,“该公司声明提到。
Back in 2015, Robert Graham, a specialist in digital forensics , analyzed Superfish software, later recounting his findings:早在2015年, 数字取证专家Robert Graham分析了Superfish软件,后来他回顾了他的发现:
“Superfish software can be considered malicious in many ways. “Superfish软件在许多方面都被视为恶意软件。 It is designed to intercept any type of encrypted connection.它旨在拦截任何类型的加密连接。 However, it does so in a very poor way, leaving the system exposed to the NSA-style intelligence agencies or malicious hackers, who could spy on users' private banking operations,” Graham said.然而,它以非常糟糕的方式这样做,让系统暴露于NSA风格的情报机构或恶意黑客,他们可能会监视用户的私人银行业务,“格雷厄姆说。
In 2017, Lenovo agreed with the Federal Trade Commission, Connecticut and 31 other states to pay $3.5M USD due to a similar controversy. 2017年,由于类似的争议,联想同意联邦贸易委员会,康涅狄格州和其他31个州支付350万美元。 The company was also committed to changing the way it sells its equipment.该公司还致力于改变其销售设备的方式。 In addition, in a besides agreement, the company paid $3.5M USD to the State authorities.此外,在另一项协议中,该公司向国家当局支付了350万美元。
