Reports of three photo frames that came infected with a Trojan Horse were received by the Internet Storm Center this Christmas. The photo frames made by Advanced Design Systems were bought from different Sam’s Club stores.”It propagates to any connected device by copying a script, a com file and an autorun file,” one consumer reported to the ISC. “It hides all systems files and itself while completely eliminating the user admin ability to show hidden files. It creates processes that negate any attempt to go to anti virus and anti spam web sites. It prevents the remote installation of any antivirus components” (Robert Lemos, Security Focus).
Both Advanced Design Systems and Sam’s Club representatives could not be reached for comment by Security Focus, but it is suspected that the malware could have come in the manufacturing plant or from frames that were put back on shelves after being infected and returned to the stores. Often stores do not have very stringent policies on returns and will not know that an electronic has been compromised. Manufacturing plants can introduce a virus through an infected computer in the plant or perhaps an insider. Some manufacturers have made efforts to stem this rising trend by making sure all equipment and computers are not attached to any outside network.
This is not the first time that consumer electronics have been infected with malware and viruses. Anything with on-board memory has the potential to be infected including MP3 players, USB drives, hard drives, and even musical sunglasses.
Some examples of past incidents due to mistakes in manufacturing processes include a hard drive from Seagate in October 2007 and Apple’s iPods in 2006. The Seagate hard drives had a Trojan horse program that stole account identification and passwords for a Chinese online game. They had been infected at the manufacturing plant in China because of a computer at the plant that was infected. The iPods had a Windows virus sneak on board the hard drive.
It is not known whether this most recent attack was a mishap or intentional, but certainly there is a possibility of intentional attacks on consumer electronics. With the proliferation of personal electronics, this will be an increasing problem in the coming years.
Lemos, Robert. “Malware Hitches a Ride on Digital Devices,” Security Focus, Jan. 9 2008. http://www.securityfocus.com/news/11499.