March 14, 2008
In the ongoing saga of defective Chinese-made products hitting U.S. store shelves, digital picture frames sold at Best Buy and Target stores, Apple iPods and TomTom GPS navigation software have all been found to contain a variety of unwelcome “bonuses” — identity theft programs which steal passwords; viruses which can spew forth spam to everyone in your computer address book; and Trojan programs which open back doors on your system for hackers, who can then gain control of your computer for future attacks — sometimes against government websites. While previous infections most commonly occurred by opening e’mail attachments, by clicking on links in e’mail or by visiting a malicious website, it’s now possible to get a dangerous digital infection just by plugging a new device into your computer. Made-in-China products sold at Sam’s Club have also been infected.
While the problem could stem from poor quality control in Chinese factories, such as if a factory worker recharges an infected iPod on a computer used in testing, there are more ominous potential causes as well. If a hacker were to introduce a virus, Trojan or other malware during early stages of computer production when software is installed, the problem could be more serious. The number of infected computers could already be huge, but it’s impossible to pinpoint numbers because electronics manufacturers won’t release pertinent data, in part due to fierce competition amongst them. (And, of course, they like to make sales and don’t really care much about what the end result is, once they’ve parted consumers from their dollars.
Marcus Sachs, formerly a cybersecurity official at the White House, now runs the SANS Internet Storm Center, a global cooperative monitoring Internet security and assessing cyber threats. He likened the possibility of infected computers to “the old cockroach thing — you flip the lights on in the kitchen and they run away…You think you’ve got just one cockroach? There’s probably thousands more of those little boogers that you can’t see.”
According to CTV, Jerry Askew, 42, of Los Angeles and ironically a computer consultant, was one of the victims of malicious software (malware). He bought a $50 Chinese-made Uniek digital picture frame at Target and installed it on his computer. Immediately, his antivirus program alerted him to threats: The picture frame contained four viruses, including one which steals passwords. (Passwords are most often stolen when keylogging programs are installed. The keylogger then captures any password, financial data or credit card number that you type in.) Askew commented: “You expect quality control coming out of the manufacturers. You don’t expect that sort of thing to be on there.”
Many security experts think that infected software is being loaded in the final stages of production, such as when goods are pulled from the assembly line for testing during inspection. But experts caution that while some infections could be innocent, factory infections are a potential avenue of attack which hackers can exploit. Many security experts think this method of attack is likely to increase. And while keeping antivirus software updated and in use regularly is still the most effective protection against computer hacks, Computer Associates reported that digital picture frames bought at Sam’s Club carried a previously unknown keylogger that disabled antivirus programs and stole online gaming passwords. Your antivirus software can only protect against known threats, not unknown ones.
Some of the largest electronics manufacturers in the world were contacted for information on how they safeguard their products from infection. They included Asustek Computer, Inc.; Flextronics International Ltd. of Singapore; the Taiwan-based Hon Hai Precision Industry Co., which makes iPods in China; and Quanta Computer, Inc. of Taiwan. Some companies didn’t respond. Of those who did, all declined to comment. None of the companies whose products suffered from factory infections would provide details of how the problems were corrected and what safeguards have been implemented to prevent recurrences. Apple admitted that some iPods sold in 2006 were infected with a virus, but provided no further information.
Best Buy, which is the largest consumer electronics chain in the country, said it pulled the infected digital pictures frames and took further action against its vendor, but refused to say what those actions were. Target and Sam’s Club lagged behind the others, saying only that they’re investigating complaints about infected digital pitures frames but both claimed they haven’t been able to verify whether or not their frames are infected. Why can’t Sam’s and Target confirm this? All it takes is a test computer and someone with knowledge of antivirus-type programs.
The security risks posed by malware are a hidden cost of outsourcing jobs to China. Consumers are at risk of both damage to their computer systems and financial loss, and government agencies have increasingly warned against the threat of cyberattacks which could cripple our national security and our economy. In fact, it’s believed that recent outages at Blackberry, the Bell Sympatico Internet service in Canada and Microsoft’s popular “Instant Messenger” chat program and “Hotmail” e’mail program were caused when Pakistan tried to block YouTube from that country. Few details of this exploit were provided to the public, although the incident does highlight the potential fragility of the Internet.
Read more computer security news, about how Chinese hackers attacked the Oak Ridge Nuclear Facility last October, or read our popular tips about how to protect yourself from computerized phishing scams and identity theft scams.
Copyright ©2008 pajamadeen.com