Car GPS Device Includes Malware, Infects PCs
The vendor rates the risk as "low," but security companies take issue with the defect.
Some TomTom satellite navigational devices used to keep drivers on the right road shipped with malicious code that tries to install onto any Windows PC the gizmo is connected to, the Amsterdam-based company confirmed Monday.
A "small, isolated number of TomTom GO 910's" manufactured during the fourth quarter of 2006 "may be infected by a virus," TomTom said in a statement. Althouth the TomTom GO 910 runs Linux and so is not affected by the malware, when the hardware is connected to a PC to back up its data, the virus tries to infect the computer.
- How Attackers Identify and Exploit Software and Network Vulnerabilities
- Quick Tips for Managing Mobile Users
White PapersMore >>
- Strategy: 3 Steps to a Hands-Free Cloud
- Best Practices: Using Apple's Global Proxy to Boost Mobile Security
TomTom pooh-poohed the risk, calling it "low" and telling users to update their PC's antivirus scanning software or, if they don't have the defense installed, to add it. "The Internet offers many free online virus scanners like Symantec and Kaspersky that will remove the virus safely from the TomTom GO 910 as soon as it is detected," the company said.
Security vendors didn't take such a laissez-faire attitude. Moscow-based Kaspersky Lab, for instance, disputed TomTom's claim that the malware risk was low.
Of the two pieces of malicious code added to the TomTom, one -- a Trojan dropper dubbed "Small.apl" -- not only installs the second, the relatively harmless "Perlovga.a" virus, but also adds a back door to the compromised PC. The back door could be used by an intruder to install other, more malicious, software on the PC.
"Even though it is a back door with limited functionality, [its] very presence changes the situation," said Roel Schouwenberg, a senior research engineer with Kaspersky, in an e-mail Monday.
Schouwenberg wasn't the only security researcher to take exception with TomTom's risk assessment.
"There are a number of postings on the Internet from TomTom purchasers asking for advice about the viruses, going back as far as September 2006," said Graham Cluley, a Sophos senior technology consultant, in another statement. "But they are the lucky ones who were running an antivirus product and caught the infection before it could cause too much harm. What's more worrying is how many innocent consumers may be out there who don't know they might have passed an infection onto their Windows PCs."
The incident follows a notable pair in 2006 when device makers passed malware along to users. In October, Apple admitted that some of its Video iPods were infected with a Windows worm, while only days earlier the Japanese subsidiary of fast food company McDonald's recalled more than 10,000 Trojan horse-infected MP3 players that had been given as contest prizes.