funsec mailing list archives
Gadgets as a malware infection vector.....
From: <rms () computerbytesman com>
Date: Thu, 31 Jan 2008 13:02:54 -0500
http://isc.incidents.org/diary.html?storyid=3892

Here is what we know so far:

* Five digital photo frames from Advanced Design System were bought at various Sam's Clubs containing malware.
* Best Buy pulled from the shelves several thousand digital photo frames from Insignia that contained malware.
* Our readers reported more malware found on other devices such as
  * a set of MP3 playing sunglasses (store where sold is not known)
  * a 250GB Maxtor External One Touch Backup from Radio Shack
  * a "Flip Video Camera" from a California Costco
  * a MemoryVue 1040 Plus digital photo frame from Digital Spectrum Incorporated that was purchased at a Canadian Costco
  * an 8-inch Castleton digital photo frame from Uniek that was purchased at a Target
  * a Maxtor One Touch 250GB external hard drive purchased at Fry's Electronics

We do not think that these situations are related but they do paint a picture of a new attack vector, the supply chain. By the supply chain, we mean this process:

Factory -> Shipping -> Distributer -> Shipping -> Warehouse -> Shipping -> Retail Store -> Customer

Several readers have submitted ideas about how these devices got infected:

* The user's computer was already infected but the user did not know it
* The device was infected by a customer then returned to the store where it was repackaged and resold
* A store employee infected the device as a prank
* A customer infected the device as a prank
* The retail store is not "clean" but checked returned electronics items with an infected computer, thus spreading malware from one returned product to another
* The distributer or the warehouse infected the device
* One or more of the shipping companies infected the device
* It was infected at the factory