(Image: Lenovo.com)
Twice before Lenovo has been caught spying on the users and this is the third time that the company has been found doing the same. Computerworld’s Michael Horowitz has discovered a software installed on Lenovo’s computers. The application is called “Lenovo Customer Feedback Program 64” and its primary function is gathering feedback information from users.
However, in actuality, the program is a spyware that tracks the locations of the users without even informing them. Millions of users around the globe use Lenovo computers and most of them are unaware of the existence of this software on their computers. Even in the past it was found that Lenovo was selling computers with preinstalled software which was used to collect data of the customers for the commercial purposes.
One such application is Superfish, a spyware that was found preinstalled on Lenovo laptops and workstations at the beginning of this year. Several antivirus companies consider Superfish as a trojon, spyware or adware however it was observed that the company blatantly disregarded the apparent threat of this application which can be used as a medium by attackers to exploit the vulnerabilities of a user’s computer.
Superfish was capable of stealing details of web browsing history of users and this was done by using self-signed and fake root certificates that injected adware codes to the user sessions. After facing criticism on several forums, Lenovo removed the application.
Something similar was discovered just a month ago in August when it was discovered that the company is installing rootkit applications that cannot be removed. A feature known as LSE or “Lenovo Service Engine” is a part of the firmware of Lenovo’s computers that exploits the system at the time of the installation of Windows and replaces few of the operating system’s files. These remain on the system even if users uninstall and reinstall Windows. Users on several Lenovo forums have stated that it is not possible to uninstall the bootkit of Lenovo. The tracking software has been embedded in Lenovo ThinkCentre, ThinkStation and ThinkPad series computers.
The company however claims that its applications do not collect data or any other personally identifiable information. It simply collects basic information such as system model and ID, region and date.
Horowitz on his discovery of the tracking application has quoted, “The task that gave me pause is called “Lenovo Customer Feedback Program 64”. It was running daily. According to the description in the task scheduler: “This task uploads Customer Feedback Program data to Lenovo.” Horowitz has further stated that the company has mentioned the file in its End User License Agreement and the agreement can be found in the below folder:
(Image: securityaffairs.co)
C:\windows\system32\oobe\info.
However, there are 39 files in the folder and which one is the agreement is not specified.
Lenovo has always been specifying that the data collected by them is only of their own apps and no sensitive individual information is collected by them. Of the files included in the application, there is a file called Lenovo.TVT.CustomerFeedback.OmnitureSiteCatalyst.dll. Omniture is involved in online and marketing and web analytics and it could have been included for the purpose of monitoring the activities of the users online.
