From iPods to navigation systems, some of today's hottest gadgets are landing on store shelves with some unwanted extras from the factory -- pre-installed viruses that steal passwords, open doors for hackers and make computers spew spam.
Computer users have been warned for years about virus threats from downloading Internet porn and opening suspicious e-mail attachments. Now they run the risk of picking up a digital infection just by plugging a new gizmo into their PCs.
Recent cases include some of the most widely used tech devices: Apple iPods, digital picture frames sold by Target and Best Buy stores and TomTom navigation gear.
PHOTO: AP
In most cases, Chinese factories -- where many companies have turned to keep prices low -- are the source.
So far, the virus problem appears to come from lax quality control -- perhaps a careless worker plugging an infected music player into a factory computer used for testing -- rather than organized sabotage by hackers or the Chinese factories.
It's the digital equivalent of the series of tainted products traced to China, including toxic toothpaste, poisonous pet food and toys coated in lead paint.
Yet although sloppiness is the simplest explanation, its is not the only one.
If a virus is introduced at an earlier stage of production, by a hacker when software is uploaded to the gadget, then the problems could be far more serious.
Knowing how many devices have been sold or tracking the viruses is impossible because of the secrecy kept by electronics makers and the companies they hire to build their products.
But given the nature of manufacturing, the numbers could be huge.
"It's like the old cockroach thing -- you flip the lights on in the kitchen and they run away," said Marcus Sachs, a former White House cybersecurity official who now runs the security research group SANS Internet Storm Center. "You think you've got just one cockroach?"
Jerry Askew, a Los Angeles computer consultant, bought a Uniek digital picture frame to surprise his 81-year-old mother for her birthday. But when he added family photos, it tried to unload a few surprises of its own.
When Askew plugged the frame into his PC, his antivirus program alerted him to a threat. The US$50 frame, built in China, had four viruses, including one that steals passwords.
Security experts say the malicious software is apparently being loaded at the final stage of production, when gadgets are pulled from the assembly line and plugged in to a computer to make sure everything works.
If the computer is infected -- say, by a worker who used it to charge his own infected iPod -- the digital germ can spread.
The recent infections may be accidental, but security experts say they point out an avenue of attack that could be exploited.
"We'll probably see a steady increase over time," said Zulfikar Ramzan, a computer security researcher at Symantec Corp. "The hackers are still in a bit of a testing period -- they're trying to figure out if it's really worth it."
Thousands of people whose antivirus software isn't up to date may have been infected by new products without even knowing it, experts warn. And even protective software may not be enough.
In one case, digital frames sold at Sam's Club contained a previously unknown bug that not only steals online gaming passwords but disables antivirus software, security researchers at CA Inc said.
One information-technology worker wrote to the SANS security group that his digital picture frame delivered "the nastiest virus that I've ever encountered in my 20-plus-year IT career."
Monitoring the suppliers in China and elsewhere is expensive and cuts into the savings of outsourcing. But it's what US companies must do to prevent poisoning on the assembly line, said Yossi Sheffi, a professor at the Massachusetts Institute of Technology specializing in supply chain management.
"It's exactly the same thing, whether it happened in cyberspace or software or lead paint or toothpaste or dog food -- they're all quality control issues," Sheffi said.
The AP contacted some of the largest electronics manufacturers for details on how they guard against infections -- among them Taiwan's Hon Hai Precision Industry Co (
All declined to comment or did not respond.
The companies whose products were infected in cases reviewed by the AP refused to discuss the details of the incidents. Of those that confirmed factory infections, all said that they had corrected the problems and taken steps to prevent any recurrences.
Apple disclosed the most information, saying the virus that infected a small number of video iPods in 2006 came from a PC used to test compatibility with the gadget's software.
Best Buy said it pulled its affected China-made frames from the shelves and took "corrective action" against its vendor. But the company declined requests to provide details.
Sam's Club and Target say they are looking into complaints.
Legal experts say manufacturing infections could become a big headache for retailers.
"The photo situation is really a cautionary tale -- they were just lucky that the virus that got installed happened to be one that didn't do a lot of damage," said Cindy Cohn, of the Electronic Frontier Foundation. "But there's nothing about that situation that means next time the virus won't be a more serious one."
Taiwan aims to open 18 representative offices and seven Taiwan Tourism Information Centers worldwide by next year to attract international visitors, the Tourism Administration said on Saturday. The agency has so far opened three representative offices abroad this year and would open two more before the end of the year, it said. It has also already opened information centers in Jakarta, Mumbai and Paris, and is to open one in Vancouver next month and in Manila in December, it said. Next year, it would also open offices in Amsterdam, Dubai and Sydney, it added. While the Cabinet did not mention international tourists in its
EYES AT SEA: Many marine enthusiasts have expressed interest in volunteering for coastal patrols, which would help identify stowaways and illegal fishing, the CGA said Six thousand coastal patrol volunteers are to be recruited for 159 inspection offices to enhance the nation’s response to “gray zone” conflicts, Coast Guard Administration (CGA) sources said yesterday. Volunteer teams would be established to increase the resilience of coastal defense systems in the wake of two unlawful entries attempted by Chinese over the past three months, Ocean Affairs Council Minister Kuan Bi-ling (管碧玲) said. A former Chinese navy captain drove a motorboat into the Tamsui River (淡水河) in Taipei on the eve of the Dragon Boat Festival in June, while another Chinese man sailed in a rubber boat into the Houkeng
NEXT LEVEL: The defense ministry confirmed that a video released last month featured personnel piloting new FPV drone systems being developed by the Armaments Bureau Taipei and Washington are pushing for their drone companies to work together to establish a China-free supply chain, the Financial Times reported on Friday. A delegation of high-level executives and US government officials were yesterday to arrive in Taipei to discuss with their Taiwanese counterparts collaboration on drone technology procurement and development, the report said. The executives represent 26 US manufacturers of drone and counter-drone systems, while the officials are from the US Department of Commerce and the US Department of Defense’s Defense Innovation Unit, along with Dev Shenoy, principal director for microelectronics in the Office of the Under Secretary of Defense
‘ANONYMOUS 64’: A national security official said that it is an attempt by China to increase domestic anti-Taiwanese sentiment and inflame cross-strait tensions The Ministry of National Defense’s (MND) Information, Communications and Electronic Force Command (ICEFCOM) yesterday denied accusations by China that it had undermined regional security by carrying out cyberattacks against targets in China, adding instead that Beijing was responsible for raising tensions and undermining regional peace. The Chinese Ministry of State Security on WeChat accused a hacker group called “Anonymous 64” of targeting China, Hong Kong and Macau starting earlier this year through frequent cyberattacks. The group carried out cyberattacks to seize control of Web sites, outdoor electronic billboards and video-on-demand platforms in China, Hong Kong and Macau, it said, adding the hackers’