Aardvark Daily

Please visit the sponsor!

The toaster stole my password

I see that, in the wake of Stuxnet and any number of viruses that went before it, a new threat to commercial, industrial and state cyber-security has been discovered.

Called W32.Flamer, this malware reportedly appears to be a piece of code so complex and of a scale that it would almost certainly have been developed by a government bent on extracting otherwise secure data from the computers of other nations.

Perhaps the most amazing thing about this bit of malware is that it appears to have been in place for some time, up to two years on some of the infected systems.

What the?

I'm pretty sure that this must throw into question, the usefulness of the expensive anti-virus software that has become such an important part of most people's PC configuration.

If one bit of spyware can stay resident for two years without detection, how many other as yet "undiscovered" threats lurk in computers that may handle data which ought to be kept secure?

Or might it be that the infected sites were just poorly administered and didn't even run an up-to-date AV package?

Of course the malware in question was designed to run under Windows -- because it's the biggest target and therefore most likely to carry valuable information -- but what of the other platforms which could conceal such spyware?

China has been identified as a major participant in cyber-spying and online hacking, with many alleging that this is state-sponsored. Should that be ringing alarm bells?

If you stop and think for a moment -- we're now very used to sourcing almost everything which is electronic, from China.

Buy an MP3 player and it'll likely be made in China.

That new BluRay disk player -- it'll have been made in China.

Check the cheap flat-screen LCD TV you bought last month -- made in China.

Now to date, this has hardly been a security issue -- but that's rapidly changing.

Your MP3 player hooks up to your PC for downloading files -- if it does so through the USB port and you're running a version of Windows pre the latest XP patch -- it becomes a vector for the installation of malware onto that PC.

Your BluRay player will probably require connection to your DSL router in order to receive firmware updates or to show "extra features" -- which gives it an "in" to your computer system.

Likewise, those Net-connected TV sets or those which will take a USB drive are all quite capable of becoming a vector for injecting malware onto your computer.

In order to deliver malware via these vectors, all that's required is for the manufacturers (perhaps under the direction of China's government) to write that malware into the firmware of the appliance and spit it out whenever it detects a suitable network or device online.

Just as we've already seen USB drives shipped out of China with malware installed, I'm picking that it's only a matter of time before we see "appliance malware" -- code that comes pre-installed in your latest Net/PC connectible device and which dumps its payload covertly, while in normal use.

I seem to recall reading not so long ago that the US military found some malware in electronic devices sourced from China - how long before your smart new IP-aware toaster decides to ship your secrets off to some foreign power?

Well that little rant ought to have set alarm bells ringing within the halls of paranoid governments around the world.

My job is done -- for another day :-)

Please visit the sponsor!

Have your say on this...

PERMALINK to this column

Oh, and don't forget today's sci/tech news headlines

Rank This Aardvark Page

Change Font