Daily Talk Forum
Brand new gizmo? Run a check for pre-installed bugs - Printable Version

+- Daily Talk Forum (http://www.dailytalkforum.com)
+-- Forum: General Discussions (/forum-general-discussions)
+--- Forum: Technology, Computers and the Internet (/forum-technology-computers-and-the-internet)
+--- Thread: Brand new gizmo? Run a check for pre-installed bugs (/thread-brand-new-gizmo-run-a-check-for-pre-installed-bugs)



Brand new gizmo? Run a check for pre-installed bugs - Jaggernaut - 03-15-2008 05:43 AM

Quote:SAN JOSE (CALIFORNIA) - IF YOU think that brand new iPod you are plugging into your computer is virus-free, think again.

Some of today's hottest gadgets are landing on store shelves with pre-installed viruses that steal passwords, open doors for hackers and make computers spew spam.

In most cases, lax quality controls at the Chinese factories used by many firms to keep their prices low are the source of the problem.

It is the digital equivalent of the recent series of tainted products traced to China, including toxic toothpaste, poisonous pet food and toy trains coated in lead paint.

Security experts say that the malicious software is apparently being loaded at the final stage of production when gadgets are pulled from the assembly line for testing and plugged into infected computers.

If the testing computer is infected - perhaps by a worker who used it to charge an infected iPod - the digital bug can spread to anything that is plugged in.

Gizmos from Apple iPods and digital photo frames to TomTom satellite navigation gear have been affected. According to Apple, a virus that infected a small number of video iPods in 2006 came from a computer used to test compatibility with the gadget's software.

Then there was the case of Mr Jerry Askew, a Los Angeles computer consultant who bought a new Uniek digital picture frame. When he plugged it into his PC, his anti-virus software alerted him to a threat.

The US$50 (S$69) frame, made in China and bought at Target, a US discount store chain, was infected with four viruses, including one that steals passwords.

'You expect quality control,' said Mr Askew, 42. 'You do not expect that sort of thing to be on there.'

But while accidental sloppiness is the simplest explanation, it is not the only one.

Hackers could be trying to upload bugs to the PCs of unsuspecting gizmo buyers via corrupt employees, say security experts.

Tracking infected gizmos would be impossible because of the secrecy maintained by the makers.

'The hackers are still in a bit of a testing period - they are trying to figure out if it is really worth it,' said Mr Zulfikar Ramzan, a computer security researcher at Symantec Corp.

'We will probably see a steady increase over time.'

Thousands of people whose anti-virus software is not up to date may have unknowingly infected their PCs via new products, experts warn.

Consumers can protect themselves from most factory-loaded infections by running anti-virus software and keeping it up to date.

'It is best to spend the extra 30 seconds to be sure than be wrong,' said Mr Joe Telafici, vice-president of operations at McAfee Avert Labs, the threat-research arm of security software maker McAfee Inc.

But even protective software may not be enough.

In one case, digital frames sold at US discount warehouse Sam's Club contained a previously unknown bug that stole online gaming passwords and disabled anti-virus software.

Monitoring suppliers in China and elsewhere is expensive and cuts into the savings of outsourcing, but it is what companies in the United States must do to prevent poisoning on the assembly line, said Professor Yossi Sheffi, of the Massachusetts Institute of Technology, who specialises in supply chain management.

'It is exactly the same thing, whether it happened in cyberspace or software or lead paint or toothpaste or dog food - they are all quality control issues,' he said.

You are warned.