First it was Trojan firmware on network routers, firewalls and other network appliances. That was followed by attackers installing trojans and malware on USB keys and then dumping them back into those sale bins by the registers. Now, SANS is reporting that a number of digital picture frames sold by retailers were pre-infected with malware, just waiting to be mounted on a PC during the picture loading process.
As we have been predicting in the State of the Threat presentations for more than a year, the attackers have found new and insidious ways to turn the newest and seemingly most benign technologies into platforms of attack. Now that just about everything from refrigerators to washing machines and from toasters to picture frames have memory, CPU and connectivity – the vectors for malware introduction and propagation are becoming logarithmically more available. As computers, mesh networks and home automation continue to merge, we have to think differently about risk, threats and vulnerabilities.
Until we as security folks can get our head around overall strategies for securing the personal networks and tools we become more dependent upon each day, we have to rely on point tactics like wiping drives when we get them, reloading firmware on all devices – even new ones – from trusted vendor sources and doing the basics to secure home and business networks and systems. Hopefully, one day soon, we can build better, more proactive solutions like integrated hashing, malware identification and other mechanisms for alerting users to basic tampering with our devices. While we geeks are getting the wired world we always dreamed of, we are learning all too quickly that it comes with some unexpected risk…