Security and Digital Picture Frames

I was listening to “All Things Considered” on NPR as I drove home last night, and happened to catch part of an interview with Counterterrorism expert Richard Clarke. One of the items that caught my interest was Clarke’s assertion that one of the new vectors for computer viruses will be devices we connect to the web. As an example, he cited a problem with Best Buy’s Insignia 10.4-inch Digital Picture Frames. Here’s an excerpt from a CNet article published back in January:

“Best Buy is warning customers who purchased its Insignia 10.4-inch Digital Picture Frames that their device may be harboring a virus, according an advisory posted on its Web site over the weekend….Best Buy learned of the problem in the first week of January, after receiving several customer complaints, said company spokeswoman Nissa French. It took a couple weeks for the company to ascertain the problem, which it attributes to a virus that was loaded onto the devices during the manufacturing process.”

A bit more from Engadget in February:

“…Now it looks those now-discontinued virus-ridden Insignia units from Best Buy and several other models produced in China were carrying a much nastier trojan that we'd originally heard. According to an analyst form Computer Associates, the trojan, called Mocmex, is able to block more than 100 types of security and anti-virus software from killing it, and bypasses the Windows firewall to download files from remote locations, spreading them randomly over your hard drive and any portable storage device you plug into your PC -- like, for example, a digital photo frame. The trojan is apparently set to only steal gaming passwords at present, but CA says it's capable of stealing nearly any information on your machine, and thinks it might be a test for a much worse virus yet to come. Infected frames have come from Sam's Club, Target and Costco, in addition to Best Buy, so we'd say to avoid picking one up until this mess gets sorted out -- or, you know, forever.”

I’m glad I heard it…I think I had naively overlooked the possibility of all our new web-enabled devices as vectors for cyber troubles.