Lenovo
Lenovo Group Limited, trading as Lenovo (/ləˈnoʊvoʊ/ lə-NOH-voh, Chinese: 联想; pinyin: Liánxiǎng), is a Chinese[8] multinational technology company specializing in designing, manufacturing, and marketing consumer electronics, personal computers, software, business solutions, and related services.[5] Products manufactured by the company include desktop computers, laptops, tablet computers, smartphones, workstations, servers, supercomputers, data storage devices, IT management software, and smart televisions. Its best-known brands include its ThinkPad business line of laptop computers (acquired from IBM), the IdeaPad, Yoga, LOQ, and Legion consumer lines of laptop computers, and the IdeaCentre, LOQ, Legion, and ThinkCentre lines of desktop computers. As of 2024, Lenovo is the world's largest personal computer vendor by unit sales.[9]
Native name
联想集团有限公司
Liánxiǎng Jítuán Yǒuxiàn Gōngsī
- Hong Kong[2]
(registered office) - Beijing, China[3][4]
(Operational headquarters) - Morrisville, North Carolina, United States[5]
(Operational headquarters)
Worldwide
Yang Yuanqing (Chairman & CEO)
US$3.080 billion (2022)[6]
US$300.80 million (2023)[6]
US$308.92 billion (2023)[6]
US$60.047 billion (2023)[6]
177,000 (2023)[6]
Lenovo has operations in over 60 countries,[10] and sells its products in around 180 countries.[11] It was incorporated in Hong Kong,[2] with global headquarters in Beijing, and Morrisville, North Carolina, United States.[3][4] It has research centres in Beijing, Chengdu, Yamato (Kanagawa Prefecture, Japan), Singapore, Shanghai, Shenzhen, and Morrisville,[5] and also has Lenovo NEC Holdings, a joint venture with NEC that produces personal computers for the Japanese market.
History[edit]
1984–1993: Founding and early history[edit]
Lenovo was founded in Beijing on 1 November 1984 as Legend by a team of engineers led by Liu Chuanzhi and Danny Lui. Initially specializing in televisions, the company migrated towards manufacturing and marketing computers.
Security and privacy incidents[edit]
Superfish[edit]
In February 2015, Lenovo became the subject of controversy for having bundled software identified as malware on some of its laptops. The software, Superfish Visual Discovery, is a web browser add-on that injects Pricing advertising into search engine results pages. To intercept HTTPS-encrypted communications, the software also installed a self-signed public key certificate.[218][219] When the Superfish public-key cryptography was compromised, it was also discovered that the same private key was used across all installations of the software, leaving users vulnerable to security exploits utilizing the key.[220][221] Lenovo made between US$200,000 to 250,000 on its deal with Superfish.[222] In 2017 Lenovo agreed to pay US$3.5 million as part of a settlement with the US Federal Trade Commission.[223] and announced an apology to its customers and stock holders.
The head of Superfish responded to security concerns by saying the vulnerability was "inadvertently" introduced by Komodia, which built the application.[224] In response to the criticism, Lenovo detailed that it would cease further distribution and use of the Superfish software, and offered affected customers free six-month subscriptions to the McAfee LiveSafe software.[225] Lenovo issued a promise to reduce the amount of "Software bloat" it bundles with its Windows 10 devices, promising to only include Lenovo software, security software, drivers, and "certain applications customarily expected by users".[226] Salon tech writer David Auerbach compared the Superfish incident to the Sony DRM rootkit scandal, and argued that "installing Superfish is one of the most irresponsible mistakes an established tech company has ever made."[227]
Lenovo Service Engine[edit]
From October 2014 through June 2015, the UEFI firmware on certain Lenovo models had contained software known as "Lenovo Service Engine", which Lenovo says automatically sent non-identifiable system information to Lenovo the first time Windows is connected to the internet, and on laptops, automatically installs the Lenovo OneKey Optimizer program (software considered to be Software bloat) as well. This process occurs even on clean installations of Windows. It was found that this program had been automatically installed using a new feature in Windows 8, Windows Platform Binary Table, which allows executable files to be stored within UEFI firmware for execution on startup, and is meant to "allow critical software to persist even when the operating system has changed or been reinstalled in a "clean" configuration"; specifically, anti-theft security software. The software was discontinued after it was found that aspects of the software had security vulnerabilities, and did not comply with revised guidelines for appropriate usage of WPBT. On 31 July 2015, Lenovo released instructions and UEFI firmware updates meant to remove Lenovo Service Engine.[228][229][230]
Lenovo Customer Feedback program[edit]
At a third time in 2015, criticism arose that Lenovo might have installed software that looked suspicious on their commercial Think-PC lines. This was discovered by Computerworld writer Michael Horowitz, who had purchased several Think systems with the Customer Feedback program installed, which seemed to log usage data and metrics.[231] Further analysis by Horowitz revealed however that this was mostly harmless, as it was only logging the usage of some pre-installed Lenovo programs, and not the usage in general, and only if the user allowed the data to be collected. Horowitz also criticized other media for quoting his original article and saying that Lenovo preinstalled spyware, as he himself never used that term in this case and he also said that he does not consider the software he found to be spyware.[232]
Lenovo Accelerator[edit]
As of June 2016, a Duo Labs report stated that Lenovo was still installing bloatware, some of which leads to security vulnerabilities as soon as the user turns on their new PC.[233][234] Lenovo advised users to remove the offending app, "Lenovo Accelerator".[235] According to Lenovo, the app, designed to "speed up the loading" of Lenovo applications, created a man-in-the-middle security vulnerability.
U.S. Marine network security breach[edit]
In February 2021, Bloomberg Businessweek reported that U.S. investigators found in 2008 that military units in Iraq were using Lenovo laptops in which the hardware had been altered. According to a testimony from the case in 2010, "A large amount of Lenovo laptops were sold to the U.S. military that had a chip encrypted on the motherboard that would record all the data that was being inputted into that laptop and send it back to China". Lenovo was unaware of the testimony and the U.S. military did not inform the company of any security concerns. A Lenovo spokesperson stated that "we have no way to assess the allegations you cite or whether security concerns may have been triggered by third-party interference."[236]