Chinese multinational tech giant, Lenovo, has been found to be installing spying software (spyware) on its laptops (yet again).
Most of its laptops (and some smartphones too) come pre-installed with certain default software(s) from the very start. While some of it is essential, a lot of it is just useless crapware installed for corporate (or financial) reasons.
Shockingly, Lenovo has been caught using this technique to spy on its own users for financial gain.
Hidden Lenovo Spyware Program
Michael Horowitz, a writer at ComputerWorld, bought a ThinkPad (Lenovo’s flagship Laptop lineup) this year and decided to go through the task scheduler database. There, he found a task called “Lenovo Customer Feedback Program 64”, running on a daily basis. He also found some other files in the task’s folder that pointed to Omniture, an online marketing and web analytics firm.
Horowitz clearly remembers that he signed no agreement to give Lenovo the authority to use his PC usage data while setting up his PC, nor was he notified of such a software. He also managed to uncover a document which mentions the data being taken was “non-personal and non-identifying information”. Soon after, Lenovo also issued an official statement claiming that they collect “non-personally identifiable statistical usage data that is not tracked to any single customer or device”.
However, given their poor track record in ensuring their customers’ privacy, it’s hard to trust them on this one. This is not the first time that Lenovo — the largest PC maker in the world — has been caught spying on its own users. In fact, it’s the third time!
The Superfish Scandal
In early 2015, Lenovo was found pre-loading an adware software called “Superfish” on their laptops. Superfish, named after the advertising company that made it, was used to alter search results on your web browser to show you different ads than you would otherwise see.
What really messed it up for Lenovo was the fact that Superfish was hugely flawed. It exposed critical user data like banking transactions, passwords, emails, instant messages for attackers. Known as a man-in-the-middle attack, hackers could use this flaw to spy on the users’ Internet traffic and even infiltrate their computer.
“We messed up badly,” said Peter Hortensius, Lenovo’s chief technology officer.
The very same year the Superfish scandal hit the headlines, Lenovo was caught red-handed again in a similar case. This time, the Chinese company was using a hidden Windows feature to install unwanted and un-removable rootkit software on certain Lenovo laptop and desktop systems it sold.
Called “Lenovo Service Engine” (LSE), it was a piece of code inserted into the firmware. It was responsible for making sure that a user cannot uninstall Lenovo software. If a user did that or re-installed Windows, the LSE would automatically download and install Lenovo’s software again during boot time. It could even survive a full system wipe-and-reinstall.
How to remove Lenovo Spyware?
Fortunately, it’s not hard to remove this software (unlike RootKit and Superfish). It will barely take a few minutes and you should definitely do it if you want to ensure your privacy:
- Download TaskSchedulerView (32-bit or 64-bit, depending on your computer)
- Search your Lenovo computer for Lenovo Customer Feedback Program 64.
- Disable Lenovo Customer Feedback Program 64 daily task from running.
- Rename the Lenovo folder to anything else in “C:\Program Files (x86)\Lenovo”
What Can Consumers Do Against this Breach of Privacy?
As we conclude this piece, it bears mentioning that consumers have the power to ensure that a high-profile company doesn’t get away with such blatant disregard for privacy. The only way to change Lenovo’s behavior is by not using your wallets when it comes to Lenovo products. Until the company abandons their anti-privacy practice altogether that is.