Wednesday, March 5, 2014

Pre-installed Malware on New, Fresh-out-of-the-box Products

Three years ago, I quoted a GCN article stating that the number-one malware risk was infection of the supply chain and actually delivering infected products in unopened new products (see my post here). Today's Computerworld story (read it here) reports that some malicious Netflix applications—which send passwords and credit card information to Russia—are showing up on out-of-the-box Android phones. I've written extensively on supply chain exploits. Just type "supply chain" into the search bar at the left to see some knee-slappingly funny (if I do say so myself) prose on the subject.

Why go phishing when you can employ far less effort to simply roach the supply chain of major manufacturers? From EPROMs in printers to major software packages from Adobe and Microsoft to…yegads…Lenovo and Huawei products with prices too good to be true, the smart crooks are hitting the supply chains.

The GCN story concluded with an "On the bright side" statement:
Fortinet, a vendor of network security appliances, predicts that in 2011, there will be greater international collaboration to shut down the bad guys through the courts.
How's that working out, guys? Obviously you were "whistling in the graveyard" with that inane assessment. I predict that cyber privateers could put at stop to supply chain roaching within sixty days.

No comments:

Post a Comment

Implementation suggestions for THE MORGAN DOCTRINE are most welcome. What are the "Got'chas!"? What questions would some future Cyber Privateering Czar have to answer about this in a Senate confirmation hearing?