Hardware vendor Lenovo has paid a sum of US$3.5 million to settle a lawsuit brought by the US Federal Trade Commission on behalf of 32 American states over charges that the company's laptops came with spyware pre-installed between August and December 2014.
The spyware, known as Visual Discovery, was installed on the laptops without users' knowledge and was developed by a company known as Superfish, according to anti-virus firm Sophos.
These machines were designed to send all users' Web traffic to a Superfish proxy server, with Visual Discovery acting as a man-in-the-middle for all secure connections.
Additionally, the spyware was set up so that users would be told they had a TLS certificate problem, because Superfish itself was signing certificates.
Once this came to light, the company says it stopped selling laptops loaded with the spyware by early 2015.
Acting FTC chairman Maureen Ohlhausen said: "Lenovo compromised consumers’ privacy when it preloaded software that could access consumers’ sensitive information without adequate notice or consent to its use.
"This conduct is even more serious because the software compromised online security protections that consumers rely on."
Lenovo said it disagreed with the allegations in the complaints made by the 32 states. "...(but) we are pleased to bring this matter to a close after two and a half years," the company said.
"To date, we are not aware of any actual instances of a third party exploiting the vulnerabilities to gain access to a user’s communications."