From iPods to navigation systems, some of today's hottest gadgets are landing on store shelves with some unwanted extras from the factory -- pre-installed viruses that steal passwords, open doors for hackers and make computers spew spam.
Computer users have been warned for years about virus threats from downloading Internet porn and opening suspicious e-mail attachments. Now they run the risk of picking up a digital infection just by plugging a new gizmo into their PCs.
Recent cases include some of the most widely used tech devices: Apple iPods, digital picture frames sold by Target and Best Buy stores and TomTom navigation gear.
PHOTO: AP
In most cases, Chinese factories -- where many companies have turned to keep prices low -- are the source.
So far, the virus problem appears to come from lax quality control -- perhaps a careless worker plugging an infected music player into a factory computer used for testing -- rather than organized sabotage by hackers or the Chinese factories.
It's the digital equivalent of the series of tainted products traced to China, including toxic toothpaste, poisonous pet food and toys coated in lead paint.
Yet although sloppiness is the simplest explanation, its is not the only one.
If a virus is introduced at an earlier stage of production, by a hacker when software is uploaded to the gadget, then the problems could be far more serious.
Knowing how many devices have been sold or tracking the viruses is impossible because of the secrecy kept by electronics makers and the companies they hire to build their products.
But given the nature of manufacturing, the numbers could be huge.
"It's like the old cockroach thing -- you flip the lights on in the kitchen and they run away," said Marcus Sachs, a former White House cybersecurity official who now runs the security research group SANS Internet Storm Center. "You think you've got just one cockroach?"
Jerry Askew, a Los Angeles computer consultant, bought a Uniek digital picture frame to surprise his 81-year-old mother for her birthday. But when he added family photos, it tried to unload a few surprises of its own.
When Askew plugged the frame into his PC, his antivirus program alerted him to a threat. The US$50 frame, built in China, had four viruses, including one that steals passwords.
Security experts say the malicious software is apparently being loaded at the final stage of production, when gadgets are pulled from the assembly line and plugged in to a computer to make sure everything works.
If the computer is infected -- say, by a worker who used it to charge his own infected iPod -- the digital germ can spread.
The recent infections may be accidental, but security experts say they point out an avenue of attack that could be exploited.
"We'll probably see a steady increase over time," said Zulfikar Ramzan, a computer security researcher at Symantec Corp. "The hackers are still in a bit of a testing period -- they're trying to figure out if it's really worth it."
Thousands of people whose antivirus software isn't up to date may have been infected by new products without even knowing it, experts warn. And even protective software may not be enough.
In one case, digital frames sold at Sam's Club contained a previously unknown bug that not only steals online gaming passwords but disables antivirus software, security researchers at CA Inc said.
One information-technology worker wrote to the SANS security group that his digital picture frame delivered "the nastiest virus that I've ever encountered in my 20-plus-year IT career."
Monitoring the suppliers in China and elsewhere is expensive and cuts into the savings of outsourcing. But it's what US companies must do to prevent poisoning on the assembly line, said Yossi Sheffi, a professor at the Massachusetts Institute of Technology specializing in supply chain management.
"It's exactly the same thing, whether it happened in cyberspace or software or lead paint or toothpaste or dog food -- they're all quality control issues," Sheffi said.
The AP contacted some of the largest electronics manufacturers for details on how they guard against infections -- among them Taiwan's Hon Hai Precision Industry Co (
All declined to comment or did not respond.
The companies whose products were infected in cases reviewed by the AP refused to discuss the details of the incidents. Of those that confirmed factory infections, all said that they had corrected the problems and taken steps to prevent any recurrences.
Apple disclosed the most information, saying the virus that infected a small number of video iPods in 2006 came from a PC used to test compatibility with the gadget's software.
Best Buy said it pulled its affected China-made frames from the shelves and took "corrective action" against its vendor. But the company declined requests to provide details.
Sam's Club and Target say they are looking into complaints.
Legal experts say manufacturing infections could become a big headache for retailers.
"The photo situation is really a cautionary tale -- they were just lucky that the virus that got installed happened to be one that didn't do a lot of damage," said Cindy Cohn, of the Electronic Frontier Foundation. "But there's nothing about that situation that means next time the virus won't be a more serious one."
In his National Day Rally speech on Sunday, Singaporean Prime Minister Lawrence Wong (黃循財) quoted the Taiwanese song One Small Umbrella (一支小雨傘) to describe his nation’s situation. Wong’s use of such a song shows Singapore’s familiarity with Taiwan’s culture and is a perfect reflection of exchanges between the two nations, Representative to Singapore Tung Chen-yuan (童振源) said yesterday in a post on Facebook. Wong quoted the song, saying: “As the rain gets heavier, I will take care of you, and you,” in Mandarin, using it as a metaphor for Singaporeans coming together to face challenges. Other Singaporean politicians have also used Taiwanese songs
NORTHERN STRIKE: Taiwanese military personnel have been training ‘in strategic and tactical battle operations’ in Michigan, a former US diplomat said More than 500 Taiwanese troops participated in this year’s Northern Strike military exercise held at Lake Michigan by the US, a Pentagon-run news outlet reported yesterday. The Michigan National Guard-sponsored drill involved 7,500 military personnel from 36 nations and territories around the world, the Stars and Stripes said. This year’s edition of Northern Strike, which concluded on Sunday, simulated a war in the Indo-Pacific region in a departure from its traditional European focus, it said. The change indicated a greater shift in the US armed forces’ attention to a potential conflict in Asia, it added. Citing a briefing by a Michigan National Guard senior
CHIPMAKING INVESTMENT: J.W. Kuo told legislators that Department of Investment Review approval would be needed were Washington to seek a TSMC board seat Minister of Economic Affairs J.W. Kuo (郭智輝) yesterday said he received information about a possible US government investment in Taiwan Semiconductor Manufacturing Co (TSMC, 台積電) and an assessment of the possible effect on the firm requires further discussion. If the US were to invest in TSMC, the plan would need to be reviewed by the Department of Investment Review, Kuo told reporters ahead of a hearing of the legislature’s Economics Committee. Kuo’s remarks came after US Secretary of Commerce Howard Lutnick on Tuesday said that the US government is looking into the federal government taking equity stakes in computer chip manufacturers that
CLAMPING DOWN: At the preliminary stage on Jan. 1 next year, only core personnel of the military, the civil service and public schools would be subject to inspections Regular checks are to be conducted from next year to clamp down on military personnel, civil servants and public-school teachers with Chinese citizenship or Chinese household registration, the Mainland Affairs Council (MAC) said yesterday. Article 9-1 of the Act Governing Relations Between the People of the Taiwan Area and the Mainland Area (臺灣地區與大陸地區人民關係條例) stipulates that Taiwanese who obtain Chinese household registration or a Chinese passport would be deprived of their Taiwanese citizenship and lose their right to work in the military, public service or public schools, it said. To identify and prevent the illegal employment of holders of Chinese ID cards or
RSS