Energizer Battery Charger Software Included Backdoor http://krebsonsecurity.com/2010/03/energizer-battery-charger-software-included-backdoor/
Energizer DUO USB battery charger software allows unauthorized remote system access http://www.kb.cert.org/vuls/id/154421
This is from 2010, so certainly not new concept, I hadn't heard of this specific hack before though, & to be honest, don't think I would have expected this, before reading Brian Kreb's article on it.
Though I was aware of the Vodafone issue that some of the Energizer Duo articles/comments mentioned http://research.pandasecurity.com/vodafone-distributes-mariposa/
To be clear, there wasn't Malware on the USB device itself, but in the software you could download from Energizer to monitor the device.
I didn't find any articles explaining how the Malware got inserted into the Energizer software, but some stories suggested it might have been in place for ~3 years.
If anyone has any more detail on this I would be interested in learning it.
Schneier also posted about it http://www.schneier.com/blog/archives/2010/03/back_door_in_ba.html
No comments:
Post a Comment