Sorta OT.... Virus problems may affect us

What's to say this won't eventually come into play on our computer-controlled metalworking equipment? It could accidentally be hard-coded into a chip.
This is the new scary thing in my mind... At least as far as technology...
Some Viruses Come Pre-Installed
AP - Fri, 14 Mar 2008 06:53:31 -0400 (EDT)
By JORDAN ROBERTSON
From iPods to navigation systems, some of today's hottest gadgets are landing on store shelves with some unwanted extras from the factory -- pre-installed viruses that steal passwords, open doors for hackers and make computers spew spam.
Computer users have been warned for years about virus threats from downloading Internet porn and opening suspicious e-mail attachments. Now they run the risk of picking up a digital infection just by plugging a new gizmo into their PCs.
Recent cases reviewed by The Associated Press include some of the most widely used tech devices: Apple iPods, digital picture frames sold by Target and Best Buy stores and TomTom navigation gear.
In most cases, Chinese factories -- where many companies have turned to keep prices low -- are the source.
So far, the virus problem appears to come from lax quality control -- perhaps a careless worker plugging an infected music player into a factory computer used for testing -- rather than organized sabotage by hackers or the Chinese factories.
It's the digital equivalent of the recent series of tainted products traced to China, including toxic toothpaste, poisonous pet food and toy trains coated in lead paint.
But sloppiness is the simplest explanation, not the only one.
If a virus is introduced at an earlier stage of production, by a corrupt employee or a hacker when software is uploaded to the gadget, then the problems could be far more serious and widespread.
Knowing how many devices have been sold, or tracking the viruses with any precision, is impossible because of the secrecy kept by electronics makers and the companies they hire to build their products.
But given the nature of mass manufacturing, the numbers could be huge.
"It's like the old cockroach thing -- you flip the lights on in the kitchen and they run away," said Marcus Sachs, a former White House cybersecurity official who now runs the security research group SANS Internet Storm Center. "You think you've got just one cockroach? There's probably thousands more of those little boogers that you can't see."
Jerry Askew, a Los Angeles computer consultant, bought a new Uniek digital picture frame to surprise his 81-year-old mother for her birthday. But when he added family photos, it tried to unload a few surprises of its own.
When he plugged the frame into his Windows PC, his antivirus program alerted him to a threat. The $50 frame, built in China and bought at Target, was infested with four viruses, including one that steals passwords.
"You expect quality control coming out of the manufacturers," said Askew, 42. "You don't expect that sort of thing to be on there."
Security experts say the malicious software is apparently being loaded at the final stage of production, when gadgets are pulled from the assembly line and plugged in to a computer to make sure everything works.
If the testing computer is infected -- say, by a worker who used it to charge his own infected iPod -- the digital germ can spread to anything else that gets plugged in.
The recent infections may be accidental, but security experts say they point out an avenue of attack that could be exploited by hackers.
"We'll probably see a steady increase over time," said Zulfikar Ramzan, a computer security researcher at Symantec Corp. "The hackers are still in a bit of a testing period -- they're trying to figure out if it's really worth it."
Thousands of people whose antivirus software isn't up to date may have been infected by new products without even knowing it, experts warn. And even protective software may not be enough.
In one case, digital frames sold at Sam's Club contained a previously unknown bug that not only steals online gaming passwords but disables antivirus software, according to security researchers at Computer Associates.
"It's like if you pick up a gun you've never seen before -- before you pull the trigger you'd probably check the chamber," said Joe Telafici, vice president of operations of McAfee Avert Labs, the security software maker's threat-research arm.
"It's an extreme analogy, but it's the right idea. It's best to spend the extra 30 seconds to be sure than be wrong," he added.
Consumers can protect themselves from most factory-loaded infections by running an antivirus program and keeping it up to date. The software checks for known viruses and suspicious behaviors that indicate an attack by malicious code -- whether from a download or a gadget attached to the PC via USB cable.
One information-technology worker wrote to the SANS security group that his new digital picture frame delivered "the nastiest virus that I've ever encountered in my 20-plus-year IT career." Another complained his new external hard drive had malfunctioned because it came loaded with a password-stealing virus.
Monitoring suppliers in China and elsewhere is expensive, and cuts into the savings of outsourcing. But it's what U.S. companies must do to prevent poisoning on the assembly line, said Yossi Sheffi, a professor at the Massachusetts Institute of Technology specializing in supply chain management.
"It's exactly the same thing, whether it happened in cyberspace or software or lead paint or toothpaste or dog food -- they're all quality control issues," Sheffi said.
While manufacturing breakdowns don't happen often, they have become frequent enough -- especially amid intense competition among Chinese suppliers -- to warrant more scrutiny by companies that rely on them, Sheffi said.
"Most of the time it works," he said. "The Chinese suppliers have every reason to be good suppliers because they're in it for the long run. But it's a higher risk, and we've now seen the results of that higher risk."
The AP contacted some of the world's largest electronics manufacturers for details on how they guard against infections -- among them Hon Hai Precision Industry Co., which is based in Taiwan and has an iPod factory in China; Singapore-based Flextronics International Ltd.; and Taiwan-based Quanta Computer Inc. and Asustek Computer Inc. All declined comment or did not respond.
The companies whose products were infected in cases reviewed by AP refused to reveal details about the incidents. Of those that confirmed factory infections, all said they had corrected the problems and taken steps to prevent recurrences.
Apple disclosed the most information, saying the virus that infected a small number of video iPods in 2006 came from a PC used to test compatibility with the gadget's software.
Best Buy, the biggest consumer electronics outlet in the U.S., said it pulled its affected China-made frames from the shelves and took "corrective action" against its vendor. But the company declined repeated requests to provide details.
Sam's Club and Target say they are investigating complaints but have not been able to verify their frames were contaminated.
Legal experts say manufacturing infections could become a big headache for retailers that sell infected devices and the companies that make them, if customers can demonstrate they were harmed by the viruses.
"The photo situation is really a cautionary tale -- they were just lucky that the virus that got installed happened to be one that didn't do a lot of damage," said Cindy Cohn, legal director for the Electronic Frontier Foundation. "But there's nothing about that situation that means next time the virus won't be a more serious one."
Regards, Joe Agro, Jr. (800) 871-5022 01.908.542.0244 Automatic / Pneumatic Drills: http://www.AutoDrill.com Multiple Spindle Drills: http://www.Multi-Drill.com
V8013-R
I just installed the ZoneAlarm firewall and was amazed by all the pinging it detected and rejected, much of it from Asia.
On Fri, 14 Mar 2008 16:08:43 -0700 (PDT), Jim Wilkins

=======Indeed.
FWIW, I had ZoneAlarm installed on my W2k Vio/AMD 2 gig machine and had problems with slow access and disconnects, although the firewall seemed to work ok.
I am currently using a package from Iolo that includes not only the firewall, but antivirus and a suite of tools to keep your PC running correctly such as optimizing the registry.
No connection except being a satisfied customer. You can run their package on 3 separate PCs, and can download a free trial [have a high speed connection]
See http://www.iolo.com/SM/7/pro /
Hope this is of help.
Biggest improvement was when I installed Ubuntu 7.10 ....
Unka' George [George McDuffee] ------------------------------------------- He that will not apply new remedies, must expect new evils: for Time is the greatest innovator: and if Time, of course, alter things to the worse, and wisdom and counsel shall not alter them to the better, what shall be the end?
Francis Bacon (1561-1626), English philosopher, essayist, statesman. Essays, "Of Innovations" (1597-1625).
a simple HW firewall blocks all the external pinging pretty well
wrote:

--
Posted via a free Usenet account from http://www.teranews.com


Joe AutoDrill wrote:

It can't be hard coded, because that is only done in non programmable chips.
--
aioe.org is home to cowards and terrorists

Add this line to your news proxy nfilter.dat file
Michael A. Terrell wrote:

Huh???
cavelamb himself wrote:

Hard coding is done with a mask when the part is designed, and manufactured. Programmable parts are 'Firmware', not hardware. That is why they used to make "masked ROMs" for high volume manufacturing. They were cheaper than programmable ROMs, and didn't require programming. For instance, the Commodore computers and disk drives used masked ROMs.
Programmable parts make sense if you expect firmware changes, or only build handfuls of an item. The chances of an infected file being copied into a computer controlling a chip programmer, allowing a chip to be programmed, and it working at all is zero. Believe me, I did my share of programming ICs, both in, and out of system. A virus in something with an OS stored in flash has a slim chance of accidentally happening, but the virus would have to be written for that OS. Is there an iPod with a Pentium processor? All the MP3 players I've looked at were a single chip, that was designed for the purpose.
Also, computers to program parts are rarely connected to the outside world, and don't have any software for music, video or games to prevent idiots from goofing off. If an infected machine tool did get out of an OEM's hands, you can bet the lawsuits would most likely put them out of business.
--
aioe.org is home to cowards and terrorists

Add this line to your news proxy nfilter.dat file
Michael A. Terrell wrote:

Ok, that's a little clearer...

It probably can't happen accidentally. But one of the speculations in the article was that workers could be accepting bribes to do it; it would be very straightforward to add it to the mask for a ROM if you wanted to (and you were the guy signing off on the mask).
Joe Pfeiffer wrote:

Have you ever been involved in the design of an IC? Have you ever been in front of a design review where every detail of your work is picked to pieces? No one individual signs off on a design that costs a minimum of $10,000 for a test run, then the part has to be tested before it is put into production units. That step is referred to as 'Qualifying a component'. I worked in electronics manufacturing, where sample aluminum chassis had to be qualified before it was assigned a stock number, and purchasing was allowed to make the first order.
Do you know that good IC designers are millionaires? That would have to be one hell of a bribe, because you would probably spend the rest of your life in prison. At the very least, you would be blackballed by the industry. If it was done in a second or third world country, they would probably execute you.
--
aioe.org is home to cowards and terrorists

Add this line to your news proxy nfilter.dat file

A long time ago, in a research project... my dissertation grew out of it.

No.
While you're obviously more familiar with the industry than I am, it sounds like you're also talking about a different league of design than I am -- I'm only thinking at the level of mask-programmed CPUs, not from-scratch IC designs.
Many of the embedded systems I've worked with recently used a PIC18 or MSP430 or DSP chip with the software in a serial PROM to allow upgrades and patches. Only the bootstrap loader was hard-coded. They certainly could have a virus inserted as long as the checksum or CRC still matched, meaning that a malicious programmer familiar with the code could do it but someone less familiar (like me) would have an awful time understanding the closely-coupled hardware and software well enough to make any changes that didn't just crash everything.
Jim Wilkins
Jim Wilkins wrote:

That's my point. Unless it works exactly like it's supposed to, someone at the factory will catch it. Matching the checksum with different code isn't trivial, and any code used to program components is usually only available from a protected server as a read only file. Not only would they have to hack the server, and modify the code, they would have to match all the time and date stamps on the file.
--
aioe.org is home to cowards and terrorists

Add this line to your news proxy nfilter.dat file
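The checksum question raised in the two posts above, as an added example that is not part of the original thread: a CRC stored with the image catches accidental corruption, but it is unkeyed, so only a check against a keyed tag (or signature) recorded at release time notices a changed payload that was packed again. The image layout, key, payload and function names are constructed for illustration, and HMAC-SHA256 stands in for whatever signing scheme a real release process uses.

```python
import hashlib
import hmac
import struct
import zlib

# Constructed sample data: not a real firmware image or a real key.
RELEASE_KEY = b"constructed-demo-key"
PAYLOAD = b"\x12\x34" * 64 + b"APP v1.0 (constructed sample payload)"


def pack_image(payload: bytes) -> bytes:
    """Assumed layout: payload followed by its little-endian CRC-32."""
    return payload + struct.pack("<I", zlib.crc32(payload))


def crc_ok(image: bytes) -> bool:
    """Loader-style self-check: recompute the CRC and compare with the trailer."""
    if len(image) < 4:
        return False
    (stored,) = struct.unpack("<I", image[-4:])
    return stored == zlib.crc32(image[:-4])


def release_tag(image: bytes, key: bytes = RELEASE_KEY) -> bytes:
    """HMAC-SHA256 tag made at release time and kept apart from the image."""
    return hmac.new(key, image, hashlib.sha256).digest()


def tag_ok(image: bytes, tag: bytes, key: bytes = RELEASE_KEY) -> bool:
    """Constant-time comparison against the tag recorded at release."""
    return hmac.compare_digest(release_tag(image, key), tag)


def run_checks() -> dict:
    released = pack_image(PAYLOAD)
    tag = release_tag(released)

    # Accidental corruption: a single bit flips in storage or transfer.
    corrupted = bytearray(released)
    corrupted[10] ^= 0x01

    # Changed payload packed again with the same unkeyed routine the build uses.
    repacked = pack_image(PAYLOAD.replace(b"v1.0", b"v1.1"))

    images = {"released": released, "corrupted": bytes(corrupted), "repacked": repacked}
    return {name: {"crc": crc_ok(img), "tag": tag_ok(img, tag)}
            for name, img in images.items()}


if __name__ == "__main__":
    for name, result in run_checks().items():
        print(f"{name:10s} crc_ok={result['crc']!s:5s} tag_ok={result['tag']}")
```

The repacked image is the case that matters for a test station: its self-check passes, and only the comparison against the release-time tag flags it.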
Michael A. Terrell wrote:

Sorry Michael, but if that were the actual truth you wouldn't be able to get 300K worth of software as a download from Latvia for 25 bucks. Even the Asic stuff. There are always practical considerations you see.
--

John R. Carroll
www.machiningsolution.com
"John R. Carroll" wrote:

Ok, have it your way. THE SKY IS FALLING! THE SKY IS FALLING! THE SKY IS FALLING! THE SKY IS FALLING!
--
aioe.org is home to cowards and terrorists

Add this line to your news proxy nfilter.dat file
Michael A. Terrell wrote:

Ok but being mostly BALD, it will just slide right off. LOL
--

John R. Carroll
www.machiningsolution.com
"John R. Carroll" wrote:

That doesn't help when it's large, sharp pieces of a blown up satellite.
--
aioe.org is home to cowards and terrorists

Add this line to your news proxy nfilter.dat file
On Sat, 15 Mar 2008 20:54:46 -0800, "John R. Carroll"

Firmware and software are greatly different.
Gunner
On Sat, 15 Mar 2008 18:16:08 -0700 (PDT), Jim Wilkins

So let's say an unfriendly government, where the chips are made, could ship several hundred thousand chips with say..a backdoor programmed into the firmware?
Gunner

The US Government has publicly admitted doing just that at least once, to printers, but you're getting into the "I can neither confirm nor deny" zone. You could consider the fake broken-distillation-plant message from Midway an early example of planting a bug in the enemy's systems.
I remove all pre-installed software from new flash drives and check them with several up-to-date antivirus programs. Watch out for what executes when you play a DVD movie on your computer. PCFriendly is the known agent but there could easily be others using its techniques. Process Explorer and Autoruns from Sysinternals are good monitoring tools for this, also HiJackThis and SpyBot to catch Registry changes. The main reason I back up my C: drive periodically (like yesterday) with Ghost or Acronis is so I can wipe and restore it if it gets infected. The faster PC with all the good stuff stays off line.
I've never worked on consumer-grade entertainment products, only avionics, industrial & medical equipment and the Segway, so I don't really know low-cost mass production practice.
In high-quality equipment, access to the firmware is blocked by a fuse link or password but the board or system test stations typically can unlock it and confirm the code, via Pogo pins on the JTAG port for instance. If there is a potential vulnerability it's the repair operation which has to be able to get into everything and load in emergency updates using their own custom fixture that Manufacturing may not understand or fully control. If I were an operative wanting to subvert a product I'd look for a company that outsources its field service repairs.
But yes, it's quite possible to add a backdoor. Unintentional defects certainly exist, I've found them in ICs that had been in production for years.