From iPods to navigation systems, some of today's hottest gadgets are landing on store shelves with some unwanted extras from the factory -- pre-installed viruses that steal passwords, open doors for hackers and make computers spew spam.
Computer users have been warned for years about virus threats from downloading Internet porn and opening suspicious e-mail attachments. Now they run the risk of picking up a digital infection just by plugging a new gizmo into their PCs.
Recent cases include some of the most widely used tech devices: Apple iPods, digital picture frames sold by Target and Best Buy stores and TomTom navigation gear.
PHOTO: AP
In most cases, Chinese factories -- where many companies have turned to keep prices low -- are the source.
So far, the virus problem appears to come from lax quality control -- perhaps a careless worker plugging an infected music player into a factory computer used for testing -- rather than organized sabotage by hackers or the Chinese factories.
It's the digital equivalent of the series of tainted products traced to China, including toxic toothpaste, poisonous pet food and toys coated in lead paint.
Yet although sloppiness is the simplest explanation, its is not the only one.
If a virus is introduced at an earlier stage of production, by a hacker when software is uploaded to the gadget, then the problems could be far more serious.
Knowing how many devices have been sold or tracking the viruses is impossible because of the secrecy kept by electronics makers and the companies they hire to build their products.
But given the nature of manufacturing, the numbers could be huge.
"It's like the old cockroach thing -- you flip the lights on in the kitchen and they run away," said Marcus Sachs, a former White House cybersecurity official who now runs the security research group SANS Internet Storm Center. "You think you've got just one cockroach?"
Jerry Askew, a Los Angeles computer consultant, bought a Uniek digital picture frame to surprise his 81-year-old mother for her birthday. But when he added family photos, it tried to unload a few surprises of its own.
When Askew plugged the frame into his PC, his antivirus program alerted him to a threat. The US$50 frame, built in China, had four viruses, including one that steals passwords.
Security experts say the malicious software is apparently being loaded at the final stage of production, when gadgets are pulled from the assembly line and plugged in to a computer to make sure everything works.
If the computer is infected -- say, by a worker who used it to charge his own infected iPod -- the digital germ can spread.
The recent infections may be accidental, but security experts say they point out an avenue of attack that could be exploited.
"We'll probably see a steady increase over time," said Zulfikar Ramzan, a computer security researcher at Symantec Corp. "The hackers are still in a bit of a testing period -- they're trying to figure out if it's really worth it."
Thousands of people whose antivirus software isn't up to date may have been infected by new products without even knowing it, experts warn. And even protective software may not be enough.
In one case, digital frames sold at Sam's Club contained a previously unknown bug that not only steals online gaming passwords but disables antivirus software, security researchers at CA Inc said.
One information-technology worker wrote to the SANS security group that his digital picture frame delivered "the nastiest virus that I've ever encountered in my 20-plus-year IT career."
Monitoring the suppliers in China and elsewhere is expensive and cuts into the savings of outsourcing. But it's what US companies must do to prevent poisoning on the assembly line, said Yossi Sheffi, a professor at the Massachusetts Institute of Technology specializing in supply chain management.
"It's exactly the same thing, whether it happened in cyberspace or software or lead paint or toothpaste or dog food -- they're all quality control issues," Sheffi said.
The AP contacted some of the largest electronics manufacturers for details on how they guard against infections -- among them Taiwan's Hon Hai Precision Industry Co (
All declined to comment or did not respond.
The companies whose products were infected in cases reviewed by the AP refused to discuss the details of the incidents. Of those that confirmed factory infections, all said that they had corrected the problems and taken steps to prevent any recurrences.
Apple disclosed the most information, saying the virus that infected a small number of video iPods in 2006 came from a PC used to test compatibility with the gadget's software.
Best Buy said it pulled its affected China-made frames from the shelves and took "corrective action" against its vendor. But the company declined requests to provide details.
Sam's Club and Target say they are looking into complaints.
Legal experts say manufacturing infections could become a big headache for retailers.
"The photo situation is really a cautionary tale -- they were just lucky that the virus that got installed happened to be one that didn't do a lot of damage," said Cindy Cohn, of the Electronic Frontier Foundation. "But there's nothing about that situation that means next time the virus won't be a more serious one."
MORE VISITORS: The Tourism Administration said that it is seeing positive prospects in its efforts to expand the tourism market in North America and Europe Taiwan has been ranked as the cheapest place in the world to travel to this year, based on a list recommended by NerdWallet. The San Francisco-based personal finance company said that Taiwan topped the list of 16 nations it chose for budget travelers because US tourists do not need visas and travelers can easily have a good meal for less than US$10. A bus ride in Taipei costs just under US$0.50, while subway rides start at US$0.60, the firm said, adding that public transportation in Taiwan is easy to navigate. The firm also called Taiwan a “food lover’s paradise,” citing inexpensive breakfast stalls
TRADE: A mandatory declaration of origin for manufactured goods bound for the US is to take effect on May 7 to block China from exploiting Taiwan’s trade channels All products manufactured in Taiwan and exported to the US must include a signed declaration of origin starting on May 7, the Bureau of Foreign Trade announced yesterday. US President Donald Trump on April 2 imposed a 32 percent tariff on imports from Taiwan, but one week later announced a 90-day pause on its implementation. However, a universal 10 percent tariff was immediately applied to most imports from around the world. On April 12, the Trump administration further exempted computers, smartphones and semiconductors from the new tariffs. In response, President William Lai’s (賴清德) administration has introduced a series of countermeasures to support affected
CROSS-STRAIT: The vast majority of Taiwanese support maintaining the ‘status quo,’ while concern is rising about Beijing’s influence operations More than eight out of 10 Taiwanese reject Beijing’s “one country, two systems” framework for cross-strait relations, according to a survey released by the Mainland Affairs Council (MAC) on Thursday. The MAC’s latest quarterly survey found that 84.4 percent of respondents opposed Beijing’s “one country, two systems” formula for handling cross-strait relations — a figure consistent with past polling. Over the past three years, opposition to the framework has remained high, ranging from a low of 83.6 percent in April 2023 to a peak of 89.6 percent in April last year. In the most recent poll, 82.5 percent also rejected China’s
PLUGGING HOLES: The amendments would bring the legislation in line with systems found in other countries such as Japan and the US, Legislator Chen Kuan-ting said Democratic Progressive Party (DPP) Legislator Chen Kuan-ting (陳冠廷) has proposed amending national security legislation amid a spate of espionage cases. Potential gaps in security vetting procedures for personnel with access to sensitive information prompted him to propose the amendments, which would introduce changes to Article 14 of the Classified National Security Information Protection Act (國家機密保護法), Chen said yesterday. The proposal, which aims to enhance interagency vetting procedures and reduce the risk of classified information leaks, would establish a comprehensive security clearance system in Taiwan, he said. The amendment would require character and loyalty checks for civil servants and intelligence personnel prior to
RSS