Mobile GPS system virus could infect network

By Andrew R. Hickey, Senior News Writer 31 Jan 2007 | SearchMobileComputing.com

Mobile advice Digg This!     StumbleUpon     Del.icio.us

On Tuesday, the maker of TomTom GO 910s said that a small number of the devices produced in the fourth quarter of 2006 may have been infected with a "low risk" virus. The company said the virus does not affect performance of the GPS device, but when linked to a PC or laptop, the devices could spread the virus onto a corporate network.

According to an announcement on the TomTom Web site, the infected devices were produced between September and November 2006 and were shipped with software version 6.51.

"In the isolated cases that a virus was detected, it was found when the TomTom GO 910 was connected to the computer and, for example, a back-up of the content on the device was being made," the announcement said.

The device makers recommend that TomTom users update virus scanning software and, if a virus is detected, allow the virus scanning software to remove the 'host.exe' file, 'copy.exe' file or any other variants. The company cautions users not to try and remove the malware manually.

But it may not be that simple, according to Dennis Szerszen, vice president of corporate strategy for SecureWave, an endpoint security vendor.

Szerszen said that in this instance, if the GPS device were linked to a corporate PC via a USB plug, the malware on the device could have propagated and spread onto the corporate network.

"Bottom line, plug and play has become just another threat vector -- another way for malware to introduce itself into the network," he said.

According to the Daniweb.com Web site, the TomTom device was found to contain the win32.Perlovga.A Trojan and TR/Drop.Small.qp on the satnav hard drive within the copy.exe and host.exe files. The files could prompt Windows to use the AutoRun feature to run malicious software.

William Bell, director of security for CWIE Holding Co., a Tempe, Ariz.-based e-commerce solutions provider, said the TomTom bug is "part of the whole evolution of viruses." He said viruses now are sliding in by the backdoor somewhere, even in places that typically seem innocuous.

For more information Learn more about SecureWave and mobile policy Check out our special report on mobile security policies

"The major concern is somebody brings [a TomTom] in thinking, 'Oh, I'm going to update my TomTom with the new software,'" Bell said, adding that the user, even if the intent wasn't malicious, could introduce the viruses to the networks. "Even if it was something that destroyed just the computer it was connected to, that would be bad enough."

Bell said companies need to be protected against unknown viruses, worms and Trojans that may enter through endpoints like the TomTom or other vectors.

"It used to be, 'Oh my God, this is going to crash my computer,'" he said. "That's not what scares me most these days. It's data leakage that really scares me. You have to take every safety precaution to protect valuable assets."

While neither he nor TomTom could say what would happen if this particular virus got onto a corporate network, Szerszen said there are three things that malware tries to do when plugged into the network: breach confidentiality, damage the integrity of data, and make resources unavailable. All three possibilities are likely when malware is introduced via a mobile device or an endpoint.

TomTom said there has been no reported case of the virus spreading, but Szerszen noted that an incident such as this should act as a wake-up call for enterprises and prompt them to reevaluate what types of devices they let link to the network.

"A lot of companies don't pay attention," he said, adding that many organizations allow iPods, USB sticks, cameras and unauthorized cell and smartphones to get onto the network without knowing the risks they present.

"Companies have to educate themselves and learn what their exposures are," he said.

From there, companies need to review their policies regarding what kind of devices can access network resources and what they can do while they're attached.

"There has to be a company policy on what devices can be plugged in and how they're used," Szerszen said.

In many instances, antivirus and other protective software may stop malware from entering the network, but according to recent statistics from Yankee Group, of the 99% of corporations with antivirus or some other protection, 52% still had some sort of viral infection.

"If malware wants to find a way in, it's going to find a path," Szerszen said. "I can't imagine this is going to be the last we'll see of this."

Tags: Mobile Policies and Procedures,  Mobile Device Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Mobile Policies and Procedures Securing corporate data on your laptops Podcast: FAQs on mobile policies Developing and instituting corporate mobile device policies Mobile security: Asserting control over mobile devices Mobile security culture starts at the top Detecting rogue mobile devices on your network Mobile security policies Defining your mobile security policy Government regulations and mobile security policies Mobile security policies: Why a policy is important Mobile Device Security Fingerprint recognition and mobile security Traditional security threats coming soon to mobile device near you Securing your Windows Mobile devices Mobile security: Protecting your data, not just your devices Prevent mobile malware: Learn how to protect your enterprise and devices Podcast: The truth about network security and mobile device access Protecting data on your BlackBerry Going green: Recycling and energy saving tips for mobile devices -- podcast New challenges in mobile device discovery Quiz: Mobile Device Security -- Who else can hear me now? Mobile Device Security Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary mobile VPN  (SearchMobileComputing.com) real-time location system (RTLS)  (SearchMobileComputing.com) screaming cell phone  (SearchMobileComputing.com) SMiShing  (SearchMobileComputing.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary