From iPods to navigation systems, some of today's hottest gadgets are landing on store shelves with some unwanted extras from the factory -- pre-installed viruses that steal passwords, open doors for hackers and make computers spew spam.
Computer users have been warned for years about virus threats from downloading Internet porn and opening suspicious e-mail attachments. Now they run the risk of picking up a digital infection just by plugging a new gizmo into their PCs.
Recent cases include some of the most widely used tech devices: Apple iPods, digital picture frames sold by Target and Best Buy stores and TomTom navigation gear.
PHOTO: AP
In most cases, Chinese factories -- where many companies have turned to keep prices low -- are the source.
So far, the virus problem appears to come from lax quality control -- perhaps a careless worker plugging an infected music player into a factory computer used for testing -- rather than organized sabotage by hackers or the Chinese factories.
It's the digital equivalent of the series of tainted products traced to China, including toxic toothpaste, poisonous pet food and toys coated in lead paint.
Yet although sloppiness is the simplest explanation, its is not the only one.
If a virus is introduced at an earlier stage of production, by a hacker when software is uploaded to the gadget, then the problems could be far more serious.
Knowing how many devices have been sold or tracking the viruses is impossible because of the secrecy kept by electronics makers and the companies they hire to build their products.
But given the nature of manufacturing, the numbers could be huge.
"It's like the old cockroach thing -- you flip the lights on in the kitchen and they run away," said Marcus Sachs, a former White House cybersecurity official who now runs the security research group SANS Internet Storm Center. "You think you've got just one cockroach?"
Jerry Askew, a Los Angeles computer consultant, bought a Uniek digital picture frame to surprise his 81-year-old mother for her birthday. But when he added family photos, it tried to unload a few surprises of its own.
When Askew plugged the frame into his PC, his antivirus program alerted him to a threat. The US$50 frame, built in China, had four viruses, including one that steals passwords.
Security experts say the malicious software is apparently being loaded at the final stage of production, when gadgets are pulled from the assembly line and plugged in to a computer to make sure everything works.
If the computer is infected -- say, by a worker who used it to charge his own infected iPod -- the digital germ can spread.
The recent infections may be accidental, but security experts say they point out an avenue of attack that could be exploited.
"We'll probably see a steady increase over time," said Zulfikar Ramzan, a computer security researcher at Symantec Corp. "The hackers are still in a bit of a testing period -- they're trying to figure out if it's really worth it."
Thousands of people whose antivirus software isn't up to date may have been infected by new products without even knowing it, experts warn. And even protective software may not be enough.
In one case, digital frames sold at Sam's Club contained a previously unknown bug that not only steals online gaming passwords but disables antivirus software, security researchers at CA Inc said.
One information-technology worker wrote to the SANS security group that his digital picture frame delivered "the nastiest virus that I've ever encountered in my 20-plus-year IT career."
Monitoring the suppliers in China and elsewhere is expensive and cuts into the savings of outsourcing. But it's what US companies must do to prevent poisoning on the assembly line, said Yossi Sheffi, a professor at the Massachusetts Institute of Technology specializing in supply chain management.
"It's exactly the same thing, whether it happened in cyberspace or software or lead paint or toothpaste or dog food -- they're all quality control issues," Sheffi said.
The AP contacted some of the largest electronics manufacturers for details on how they guard against infections -- among them Taiwan's Hon Hai Precision Industry Co (
All declined to comment or did not respond.
The companies whose products were infected in cases reviewed by the AP refused to discuss the details of the incidents. Of those that confirmed factory infections, all said that they had corrected the problems and taken steps to prevent any recurrences.
Apple disclosed the most information, saying the virus that infected a small number of video iPods in 2006 came from a PC used to test compatibility with the gadget's software.
Best Buy said it pulled its affected China-made frames from the shelves and took "corrective action" against its vendor. But the company declined requests to provide details.
Sam's Club and Target say they are looking into complaints.
Legal experts say manufacturing infections could become a big headache for retailers.
"The photo situation is really a cautionary tale -- they were just lucky that the virus that got installed happened to be one that didn't do a lot of damage," said Cindy Cohn, of the Electronic Frontier Foundation. "But there's nothing about that situation that means next time the virus won't be a more serious one."
ENDEAVOR MANTA: The ship is programmed to automatically return to its designated home port and would self-destruct if seized by another party The Endeavor Manta, Taiwan’s first military-specification uncrewed surface vehicle (USV) tailor-made to operate in the Taiwan Strait in a bid to bolster the nation’s asymmetric combat capabilities made its first appearance at Kaohsiung’s Singda Harbor yesterday. Taking inspiration from Ukraine’s navy, which is using USVs to force Russia’s Black Sea fleet to take shelter within its own ports, CSBC Taiwan (台灣國際造船) established a research and development unit on USVs last year, CSBC chairman Huang Cheng-hung (黃正弘) said. With the exception of the satellite guidance system and the outboard motors — which were purchased from foreign companies that were not affiliated with Chinese-funded
PERMIT REVOKED: The influencer at a news conference said the National Immigration Agency was infringing on human rights and persecuting Chinese spouses Chinese influencer “Yaya in Taiwan” (亞亞在台灣) yesterday evening voluntarily left Taiwan, despite saying yesterday morning that she had “no intention” of leaving after her residence permit was revoked over her comments on Taiwan being “unified” with China by military force. The Ministry of the Interior yesterday had said that it could forcibly deport the influencer at midnight, but was considering taking a more flexible approach and beginning procedures this morning. The influencer, whose given name is Liu Zhenya (劉振亞), departed on a 8:45pm flight from Taipei International Airport (Songshan airport) to Fuzhou, China. Liu held a news conference at the airport at 7pm,
Taiwan was ranked the fourth-safest country in the world with a score of 82.9, trailing only Andorra, the United Arab Emirates and Qatar in Numbeo’s Safety Index by Country report. Taiwan’s score improved by 0.1 points compared with last year’s mid-year report, which had Taiwan fourth with a score of 82.8. However, both scores were lower than in last year’s first review, when Taiwan scored 83.3, and are a long way from when Taiwan was named the second-safest country in the world in 2021, scoring 84.8. Taiwan ranked higher than Singapore in ninth with a score of 77.4 and Japan in 10th with
GRIDLOCK: The National Fire Agency’s Special Search and Rescue team is on standby to travel to the countries to help out with the rescue effort A powerful earthquake rocked Myanmar and neighboring Thailand yesterday, killing at least three people in Bangkok and burying dozens when a high-rise building under construction collapsed. Footage shared on social media from Myanmar’s second-largest city showed widespread destruction, raising fears that many were trapped under the rubble or killed. The magnitude 7.7 earthquake, with an epicenter near Mandalay in Myanmar, struck at midday and was followed by a strong magnitude 6.4 aftershock. The extent of death, injury and destruction — especially in Myanmar, which is embroiled in a civil war and where information is tightly controlled at the best of times —
RSS