Caveat Emptor factory infection spreads in electronic gadgets
America reports that from iPods to navigation systems, some of today's hottest gadgets are landing on store shelves with some unwanted extras from the factory -- pre-installed viruses that steal passwords, open doors for hackers and make computers spew spam.
Computer users, accustomed to virus threats from downloading Internet porn and opening suspicious e-mail attachments, can now run the risk of picking up a digital infection just by plugging a new gizmo into their PCs.
Recent cases reviewed by The Associated Press include some of the most widely used tech devices: Apple iPods, digital picture frames and TomTom navigation gear.
In most cases, Chinese factories -- where many companies have turned to keep prices low -- are the source.
The virus problem appears to come from lax quality control -- perhaps a worker plugging an infected music player into a factory computer used for testing -- rather than organised sabotage by hackers or Chinese factories.
But it equates to the recent series of tainted products traced to China, including toxic toothpaste, poisonous pet food and toy trains coated in lead paint.
If a virus is introduced at an earlier stage of production, by a corrupt employee or a hacker when software is uploaded to the gadget, the problems could be far more serious and widespread. Knowing how many devices have been sold, or tracking the viruses with any precision, is impossible because of secrecy kept by electronics makers and the companies hired to build their products. But given the nature of mass manufacturing, the numbers could be huge.
''It's like the old cockroach thing -- you flip the lights on in the kitchen and they run away,'' said Marcus Sachs, a former White House cybersecurity official who now runs the security research group SANS Internet Storm Center. ''You think you've got just one cockroach? There's probably thousands more...that you can't see.''
Jerry Askew, a Los Angeles computer consultant, bought a new Uniek digital picture frame to surprise his 81-year-old mother for her birthday. But when he added family photos through his Windows PC, his antivirus program alerted him to a threat. The $50 frame, built in China and bought at Target, was infested with four viruses, including one that steals passwords.
Security experts say the malicious software is apparently being loaded at the final stage of production, when gadgets are pulled from the assembly line and plugged into a computer to make sure everything works. If the testing computer is infected -- say, by a worker who used it to charge his infected iPod -- the digital germ can spread to anything else that gets plugged in.
The recent infections may be accidental, but security experts say they point out an avenue of attack that could be exploited by hackers. ''We'll probably see a steady increase over time,'' said Zulfikar Ramzan, a computer security researcher at Symantec Corp. ''The hackers are still in a bit of a testing period -- they're trying to figure out if it's really worth it.''
Thousands of people whose antivirus software isn't up to date may have been infected by new products without even knowing it, experts warn. And even protective software may not be enough. In one case, digital frames sold at Sam's Club contained a previously unknown bug that not only steals online gaming passwords but disables antivirus software, according to security researchers at Computer Associates.
Source:http://www.technologyreview.com/