pinhead44
03-15-2008, 10:47 PM
I know this said not to bash Asian products, but hope it's ok. Free speech = truth, right?
By JORDAN ROBERTSON • Associated Press • March 14, 2008
From iPods to navigation systems, some of today's hottest gadgets are landing on store shelves with some unwanted extras from the factory — pre-installed viruses that steal passwords, open doors for hackers and make computers spew spam.
Recent cases reviewed by The Associated Press include some of the most widely used tech devices: Apple iPods, digital picture frames sold by Target and Best Buy stores and TomTom navigation gear.
In most cases, Chinese factories, where many companies have turned to keep prices low, are the source.
The virus problem appears to come from lax quality control, perhaps a careless worker plugging an infected music player into a factory computer used for testing, rather than from organized sabotage by hackers or the Chinese factories.
It's the digital equivalent of the recent series of tainted products traced to China, including toxic toothpaste, poisonous pet food and toy trains coated in lead paint.
Sloppiness is the simplest explanation, but it isn't the only one.
Knowing how many devices have been sold, or tracking the viruses with any precision, is impossible because of the secrecy kept by electronics makers and the companies they hire to build their products.
Given the nature of mass manufacturing, the numbers could be huge.
"It's like the old cockroach thing.
"You think you've got just one cockroach? There's probably thousands more of those little boogers that you can't see."
Jerry Askew, a Los Angeles computer consultant, bought a new Uniek digital picture frame to surprise his 81-year-old mother for her birthday, but when he added family photos, it tried to unload a few surprises of its own.
When he plugged the frame into his Windows PC, his antivirus program alerted him to a threat.
The $50 frame, built in China and bought at Target, was infested with four viruses, including one that steals passwords.
"You expect quality control coming out of the manufacturers," said Askew, 42.
"You don't expect that sort of thing to be on there."
Increase expected
The recent infections may be accidental, but security experts say they point out an avenue of attack that could be exploited by hackers.
"We'll probably see a steady increase over time," said Zulfikar Ramzan, a computer security researcher at Symantec Corp.
"The hackers are still in a bit of a testing period. They're trying to figure out if it's really worth it."
Thousands of people whose antivirus software isn't up to date may have been infected by new products without even knowing it, experts warn.
And even protective software may not be enough.
In one case, digital frames sold at Sam's Club contained a previously unknown bug that not only steals online gaming passwords but disables antivirus software, according to security researchers at Computer Associates.
Consumers can protect themselves from most factory-loaded infections by running an antivirus program and keeping it up to date.
The software checks for known viruses and suspicious behaviors that indicate an attack by malicious code, whether from a download or a gadget attached to the PC via USB cable.
Monitoring suppliers in China and elsewhere is expensive, and cuts into the savings of outsourcing, but it's what U.S. companies must do to prevent poisoning on the assembly line, said Yossi Sheffi, a professor at the Massachusetts Institute of Technology specializing in supply chain management.
"It's exactly the same thing, whether it happened in cyberspace or software or lead paint or toothpaste or dog food.
"They're all quality-control issues," Sheffi said.
While manufacturing breakdowns don't happen often, they have become frequent enough to warrant more scrutiny by the companies that rely on them, Sheffi said.
Makers won't comment
The AP contacted some of the world's largest electronics manufacturers for details on how they guard against infections, among them Hon Hai Precision Industry Co., which is based in Taiwan and has an iPod factory in China; Singapore-based Flextronics International Ltd.; and Taiwan-based Quanta Computer Inc. and Asustek Computer Inc. All declined comment or did not respond.
The companies whose products were infected in cases reviewed by AP refused to reveal details about the incidents.
Of those that confirmed factory infections, all said they had corrected the problems and taken steps to prevent recurrences.
By JORDAN ROBERTSON • Associated Press • March 14, 2008
From iPods to navigation systems, some of today's hottest gadgets are landing on store shelves with some unwanted extras from the factory — pre-installed viruses that steal passwords, open doors for hackers and make computers spew spam.
Recent cases reviewed by The Associated Press include some of the most widely used tech devices: Apple iPods, digital picture frames sold by Target and Best Buy stores and TomTom navigation gear.
In most cases, Chinese factories, where many companies have turned to keep prices low, are the source.
The virus problem appears to come from lax quality control, perhaps a careless worker plugging an infected music player into a factory computer used for testing, rather than from organized sabotage by hackers or the Chinese factories.
It's the digital equivalent of the recent series of tainted products traced to China, including toxic toothpaste, poisonous pet food and toy trains coated in lead paint.
Sloppiness is the simplest explanation, but it isn't the only one.
Knowing how many devices have been sold, or tracking the viruses with any precision, is impossible because of the secrecy kept by electronics makers and the companies they hire to build their products.
Given the nature of mass manufacturing, the numbers could be huge.
"It's like the old cockroach thing.
"You think you've got just one cockroach? There's probably thousands more of those little boogers that you can't see."
Jerry Askew, a Los Angeles computer consultant, bought a new Uniek digital picture frame to surprise his 81-year-old mother for her birthday, but when he added family photos, it tried to unload a few surprises of its own.
When he plugged the frame into his Windows PC, his antivirus program alerted him to a threat.
The $50 frame, built in China and bought at Target, was infested with four viruses, including one that steals passwords.
"You expect quality control coming out of the manufacturers," said Askew, 42.
"You don't expect that sort of thing to be on there."
Increase expected
The recent infections may be accidental, but security experts say they point out an avenue of attack that could be exploited by hackers.
"We'll probably see a steady increase over time," said Zulfikar Ramzan, a computer security researcher at Symantec Corp.
"The hackers are still in a bit of a testing period. They're trying to figure out if it's really worth it."
Thousands of people whose antivirus software isn't up to date may have been infected by new products without even knowing it, experts warn.
And even protective software may not be enough.
In one case, digital frames sold at Sam's Club contained a previously unknown bug that not only steals online gaming passwords but disables antivirus software, according to security researchers at Computer Associates.
Consumers can protect themselves from most factory-loaded infections by running an antivirus program and keeping it up to date.
The software checks for known viruses and suspicious behaviors that indicate an attack by malicious code, whether from a download or a gadget attached to the PC via USB cable.
Monitoring suppliers in China and elsewhere is expensive, and cuts into the savings of outsourcing, but it's what U.S. companies must do to prevent poisoning on the assembly line, said Yossi Sheffi, a professor at the Massachusetts Institute of Technology specializing in supply chain management.
"It's exactly the same thing, whether it happened in cyberspace or software or lead paint or toothpaste or dog food.
"They're all quality-control issues," Sheffi said.
While manufacturing breakdowns don't happen often, they have become frequent enough to warrant more scrutiny by the companies that rely on them, Sheffi said.
Makers won't comment
The AP contacted some of the world's largest electronics manufacturers for details on how they guard against infections, among them Hon Hai Precision Industry Co., which is based in Taiwan and has an iPod factory in China; Singapore-based Flextronics International Ltd.; and Taiwan-based Quanta Computer Inc. and Asustek Computer Inc. All declined comment or did not respond.
The companies whose products were infected in cases reviewed by AP refused to reveal details about the incidents.
Of those that confirmed factory infections, all said they had corrected the problems and taken steps to prevent recurrences.