Lenovo Laptops Again Found To Carry Pre-Installed Spywares Which Sends Usage Data To 3rd Party
Lenovo is again in news; and once again, pre-installed, unauthorized spywares have been located in their refurbished laptops.
As per an investigation by Michael Horowitz from Computer World, it was shockingly discovered that some refurbished laptops sold by Lenovo carry a folder called “Lenovo Customer Feedback Program 64”. On closer investigation, it was found that this folder contains suspicious looking files: “Lenovo.TVT.CustomerFeedback.Agent.exe.config, Lenovo.TVT.CustomerFeedback.InnovApps.dll, and Lenovo.TVT.CustomerFeedback.OmnitureSiteCatalyst.dll.”
These files are sending usage activity to Omniture, which is a 3rd party data analytics firm.
These discoveries were made on IBM ThinkPad T420 and T520 refurbished laptops. Michael was able to find these uncalled for files using a Task Manager tool to check CPU usage.
In Lenovo’s Defense: Its Part Of EULA
However, in case one reads the EULA documents for refurbished laptops, Lenovo have clearly stated that they may include some software components, which will send data to Lenovo. The support document on Lenovo’s website says, “Lenovo systems may include software components that communicate with servers on the internet – All ThinkCentre, All ThinkStation, All ThinkPad.”
And some of the files which Lenovo can include are:
Lenovo.TVT.CustomerFeedback.Agent.exe and LenovoExperienceImprovement.exe
But Why 3rd Party Is Receiving The Data?
Even if we disregard the fact that this small clause is buried deep within hundreds of pages of ‘Terms and Conditions’ for using Lenovo refurbished laptops, the main concern is that the end-user is never informed about the working of this back-door information outflow, and that the data is being sent to a 3rd party Analytics firm.
And, the other problem is that the user is not informed how to stop this unauthorized tracking and surveillance of their laptop. Although the EULA document mentions the steps to stop this analytics task, Michael was not able to locate the specific ‘settings’ for the same.
Interestingly, this document was uploaded after the Superfish fiasco which happened earlier this year; and the refurbished laptops investigated were bought last year.
Lenovo’s Earlier Attempts To Track Userdata
This is not the first instance of Lenovo laptops and smartphones being accused to spying on their users. Early this year, Lenovo’s new laptops were found to carry an adware called ‘SuperFish’, which directly influenced browsers such as Google Chrome, Firefox and Internet Explorer, and displayed advertisements and pop-ups to the end-user.
Later, Lenovo admitted their mistake, when their CTO Peter Hortensius said, “I have a bunch of very embarrassed engineers on my staff right now. They missed it.”
Early this month, we had reported that pre-installed spyware apps were found on Lenovo smartphones. However, they later issued a statement wherein the blame was put on third party marketplace and middlemen.
This latest discovery of spyware files on refurbished laptops from Lenovo raises fresh concerns for users’ privacy and data protection.