Using the best methods of personal security isn't enough when the electronic gadgets you buy come with the virus preinstalled. The current problem seems to be insufficient quality control practices but could become a cracking attack vector.
Why bother to engage in risky behavior on the Web to infect your electronics when you can purchase products with viruses preinstalled?
From GPS navigational systems to iPods to digital picture frames, lately we have no way of knowing if the software that powers the device is as virus free as the rest of our computing systems. So far, Tom-Tom GPS, Apple, Target, and Best Buy have been hit by what appears to be a laxity in quality control on the part of Chinese factories. It would seem that electronics have found their "lead paint" issues.
It is believed that the issue is not one of any organized effort to introduce the virus, but there is no certain way to know that. If a virus is introduced at an early stage of production when software is uploaded to the gadget, the problems could be more serious and more widespread.
Knowing how many devices have been sold, or tracking the viruses with any precision, is impossible because of the secrecy kept by electronics makers and the companies they hire to build their products.
But given the nature of mass manufacturing, the numbers could be huge.
"It's like the old cockroach thing - you flip the lights on in the kitchen and they run away," said Marcus Sachs, a former White House cybersecurity official who now runs the security research group SANS Internet Storm Center. "You think you've got just one cockroach? There's probably thousands more of those little boogers that you can't see."
According to security experts, the viruses are introduced at the end of the manufacturing cycle when the gadget is pulled from the assembly line and plugged into a test computer to insure that everything is working. If the test computer is infected, it will infect anything that is plugged into it.
While the current threat is considered to be accidental, it is also exploitable.
Also from MSNBC:
"We'll probably see a steady increase over time," said Zulfikar Ramzan, a computer security researcher at Symantec Corp. "The hackers are still in a bit of a testing period - they're trying to figure out if it's really worth it."
Whether or not it is worth it to a hacker, some of the viruses that have been sold along with the latest consumer toys are pretty harsh. And having up to date anti-virus may not be enough. In one reported case, the virus loaded on a digital frame sold at Sam's Club was a variant previously unknown. It not only steals online gaming passwords, it also turns off anti-virus software.
Monitoring suppliers is expensive and negates the cost savings of outsourcing. But it appears that it is also a requirement, as electronics join tainted toothpaste and poisoned pet food on the list of Chinese recalls.
This is not the first time that we have heard of preinstalled viruses, and it isn't likely to be the last. As technology consumers, about all we can do is try to mitigate the threat. That means that we will have to evolve our personal security efforts yet again.
What are your best tips to avoid being infected by a preinstalled virus? And how do you take those tips into the workplace to keep it safe?
--------------------------------------------------------------------------------Stay on top of the latest tech news
Get this news story and many more by subscribing to our free IT News Digest newsletter, delivered each weekday. Automatically sign up today!