News
News
1/29/2007
07:38 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Car GPS Device Includes Malware, Infects PCs

The vendor rates the risk as "low," but security companies take issue with the defect.

Some TomTom satellite navigational devices used to keep drivers on the right road shipped with malicious code that tries to install onto any Windows PC the gizmo is connected to, the Amsterdam-based company confirmed Monday.

A "small, isolated number of TomTom GO 910's" manufactured during the fourth quarter of 2006 "may be infected by a virus," TomTom said in a statement. Althouth the TomTom GO 910 runs Linux and so is not affected by the malware, when the hardware is connected to a PC to back up its data, the virus tries to infect the computer.

TomTom pooh-poohed the risk, calling it "low" and telling users to update their PC's antivirus scanning software or, if they don't have the defense installed, to add it. "The Internet offers many free online virus scanners like Symantec and Kaspersky that will remove the virus safely from the TomTom GO 910 as soon as it is detected," the company said.

Security vendors didn't take such a laissez-faire attitude. Moscow-based Kaspersky Lab, for instance, disputed TomTom's claim that the malware risk was low.

Of the two pieces of malicious code added to the TomTom, one -- a Trojan dropper dubbed "Small.apl" -- not only installs the second, the relatively harmless "Perlovga.a" virus, but also adds a back door to the compromised PC. The back door could be used by an intruder to install other, more malicious, software on the PC.

"Even though it is a back door with limited functionality, [its] very presence changes the situation," said Roel Schouwenberg, a senior research engineer with Kaspersky, in an e-mail Monday.

Schouwenberg wasn't the only security researcher to take exception with TomTom's risk assessment.

"There are a number of postings on the Internet from TomTom purchasers asking for advice about the viruses, going back as far as September 2006," said Graham Cluley, a Sophos senior technology consultant, in another statement. "But they are the lucky ones who were running an antivirus product and caught the infection before it could cause too much harm. What's more worrying is how many innocent consumers may be out there who don't know they might have passed an infection onto their Windows PCs."

The incident follows a notable pair in 2006 when device makers passed malware along to users. In October, Apple admitted that some of its Video iPods were infected with a Windows worm, while only days earlier the Japanese subsidiary of fast food company McDonald's recalled more than 10,000 Trojan horse-infected MP3 players that had been given as contest prizes.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, don’t look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.