Summary

The Associated Press reports that some new technology gadgets are coming to you pre-loaded with viruses, keystroke loggers, password loggers and other malicious software.

The infected gadgets appear to primarily have been manufactured in China and range from iPods, to TomTom navigational systems to digital picture frames and external hard drives.

Though it looks like most of the malware installations are due to poor quality standards that have inadvertently infected devices rather than deliberate cybercriminal activity, the AP articles points out that this is not always the case. Corrupt employees or hackers can deliberately infect the devices.

Understanding the scope of the issue has proven to be nearly impossible as neither the electronics companies nor the retailers have been cooperative.

Security experts expect to see increasing incidence levels and admonish the industry to step up their quality testing, and consumers to be even more vigilant about having antivirus and other malware detection software in place and up to date on their computers.

Things to think about

As if consumers didn’t have enough online safety issues to worry about, now we have to be concerned that new devices are pre-set to steal information. Beyond the indignation that consumers will end up paying good money for the privilege of being abused, two concerns came to mind while reading this article.

1. Why are the electronics companies and retailers unwilling to acknowledge the scope of the issue? Many are based outside the U.S. and perhaps feel less obliged to comment but why wouldn’t Apple, Target, Best Buy and Sams Club respond? When tainted meat, lead in toys, poisoned dog food or a salmonella outbreak occurs we expect to be instantly informed and told how the industry is responding.

What makes it OK to disregard consumer safety when it comes to malware? I suspect that the difference is that there are no government standards or requirements that these companies must adhere to, so the involved parties have chosen not to alert the public or be forthcoming when pressed.

1. Who will be held responsible for the damage done? The AP article states “Legal experts say manufacturing infections could become a big headache for retailers that sell infected devices and the companies that make them, if customers can demonstrate they were harmed by the viruses.”

But proving the source of the infection was a new device, and demonstrating (let alone understanding) the long-term level of damage caused may be particularly difficult.  If your bank accounts get compromised you can measure the impact.

But if your social security number or other core identifiers get stolen, the impact may reverberate for the rest of your life. If passwords get stolen and businesses impacted how will you definitely prove you’re your password loss was the leak that resulted in the business loss?

It feels a bit like the battle to prove the harm caused by smoking. With so many other potential factors, will the consequences be provable?

I’m outraged at the failure of electronics companies and retailers to step up to their responsibilities and treat Internet risks in the same manner consumer risks in other products are treated.  It’s critical that every user has installed the best security software available, but that does not mitigate the responsibility of companies to sell safe products

Until companies notify you that they have precautions in place and give you a guarantee the safety of their device, my recommendation is that you ask the store to first run the device on THEIR system to scan it for viruses and other malware.

Click here to read the full story.

Linda