Superfish injects product recommendations into search results and displays ads on otherwise legitimate pages. But, it also includes a universal self-signed certificate authority. This universal certificate authority allows man-in-the-middle attacks to inject ads even on secure encrypted (SSL) pages without triggering browser security warnings. Thus, making Lenovo laptops vulnerable to malware and malicious man-in-the-middle attacks. Additionally, Superfish adware uses memory resources and consumes bandwidth, affecting computer and network performance.
The Plaintiff, a blogger from San Diego, Jessica Bennett, alleges her laptop was damaged as a result of Lenovo’s pre-installation of Superfish on her laptop.
The complaint requests a jury trial and class action certification. The complaint charges both Lenovo and Superfish with violations of: The California Invasion of Privacy Act (CIPA); The Federal Electronic Communications Privacy Act (ECPA); Trespass to personal chattel under California common law; and “fraudulent” business practices under California’s Unfair Competition Law.