Sister CISA CISSP

Mar 31 2010   11:53PM GMT

A Trojan as a “Value-Add” for a Battery Charger

Arian Eigen Heald Arian Eigen Heald Profile: Arian Eigen Heald

I’m really not sure why a USB battery charger would need software to be hooked up to a computer, or a coffee-maker, for that matter. As much as I like computers, using a computer to charge batteries appears a bit circuitous, at best. (Please pardon the really bad pun.)

It seems that product vendors, in ever more desperate efforts to introduce something “new,” think that some piece of software will help (help them, that is). The problem is, this software is often developed without good quality controls, and probably without testing of any sort other than “it works!”

Once this product is handed off to suppliers and retail merchants, it is “untrackable” in most, if not all, respects. So a recall gives me little comfort. Especially since the sales for the Bunny’s charger started in 2007.

“Energizer is currently working with both CERT and U.S. government officials to understand how the code was inserted in the software,” Energizer said in a statement.

An additional question might be, “What are your quality controls for software that is issued with your products?”

It’s not that manufacturers are unaware of this issue. In 2007, Seagate Technology admitted that an unknown number of its hard drives left an Asian manufacturing plant with Trojan horses. (Wonder where they are now?)

And, of course, Best Buy’s digital picture frame, sold during the Christmas 2007 holiday season (was 2007 the year for this, or what?) with software that added a Trojan. Although the company made claims that it was making efforts to contact customers, (how, exactly?) it never specified the type of Trojan, nor did much more than post an announcement on its website.

Perhaps enough reputation failure will persuade manufacturers to improve their Quality Assurance practices ( how about a little security in the software development??)

Meantime, I guess it’s best to keep an eye on any software that comes with a “product.”

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: