
It started with an email from a worried satnav user, Lloyd Reid of Trichromic LLP, an IT consultant who knows his way around a computer and knows a virus when his AV software flags one up. The cause for his concern was a newly purchased TomTom GO 910 satnav unit that, once connected to his PC, immediately caused an anti-virus software alert. Not one, but two alerts in fact. The win32.Perlovga.A Trojan and TR/Drop.Small.qp were identified as being resident on the satnav hard drive, within the copy.exe and host.exe files.

That’s worth repeating: two Trojans resident on the hard drive of a brand new, straight-from-the-shop satnav unit.

Worth repeating, perhaps, that this was a unit connected to a PC already protected by AV software, a clean PC, a PC belonging to an experienced IT consultant. It was for this reason that I believed him, that I did not simply assume it was a case of mistaken identity as is so often the case with such reports where the infection was already there, or came via a route unconnected to the accused party.

Also worth repeating is the response that this particular chap got from the TomTom support line, which was simply to let his AV software delete the virus and move on as these ‘are not dangerous’ Trojans. Upon pressing his point that the tech support guy was missing the point, he was told to submit a report to the TomTom website. Being the pushy type, my informer called a TomTom number in the Netherlands but only got the run around and an email address which he complained to, copying me in on the message.

Naturally, having more than a passing interest in the field of IT security, I started investigating immediately. It didn’t take long to find a few scant mentions of one or two other users asking about the same infections, on the same device, in a couple of satnav user forums. It also didn’t take long to discover that there was no real response from TomTom being reported anywhere, no mention on the TomTom website that there was a potential problem (a search for the infected files, virus or even a warning on the TomTom support site flagged no hits at all) and no warnings being given to the public at large.

I made sure that my friendly contact at the PR agency that handles TomTom in the UK was aware of my interest and he promised to pass my questions on to TomTom for a detailed, official, technical comment ASAP. That response was delivered by the end of play the next day. I note, however, that as I write this there is still no official warning on the TomTom site regarding the fact that a number of satnav devices are known to be infected with a virus…

Here is that response in full:

“It has come to our attention that a small, isolated number of TomTom GO 910’s, produced between September and November 2006, may be infected with a virus. The virus is qualified as low risk and can be removed safely with virus scanning software. Appropriate actions have been taken to make sure this is prevented from happening again in the future.

Affected devices

It has been confirmed that a small number of TomTom GO 910 devices, produced between September and November 2006, and shipped with software version 6.51, may be infected with a virus.

Known risks

The viruses that were detected present an extremely low risk to customers’ computers or the TomTom GO 910. To date, no cases of problems caused by the viruses are known.

How to detect the virus

In the isolated cases that a virus was detected, it was found when the TomTom GO 910 was connected to the computer and for example a back-up of the content on the device was being made.

What to do when a virus is found

TomTom highly recommends that all TomTom GO 910 customers update their virus scanning software, and if a virus is detected, allow the virus scanning software to remove the ‘host.exe’ file, ‘copy.exe’ file or any other variants.

The above identified files or any variants can safely be removed from the device with virus scanning software, and are NOT to be removed manually, as they are not part of the standard installed software on a TomTom GO 910. They present no danger whilst driving with the TomTom GO 910.

Customers that do not have virus scanning software are advised to install virus scanning software. The internet offers many free online virus scanners like Symantec and Kaspersky (www.symantec.com or www.kaspersky.com) that will remove the virus safely from the TomTom GO 910 as soon as it is detected.

Any customers who experience problems or have further questions are welcome to contact our Customer Support department.”

===========================================

UPDATE: Monday 29th January. Following the publication of this news story, and the interest it has sparked amongst many online and print publications, TomTom has now posted the same statement as above on its website. Sadly, there is no sign of an apology alongside it...

Votes + Comments
Well, this wasn't really unexpected. Nowadays, anything can sit in our HDD/SSD's.

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

0

It is interesting to be informed about the risks we are exposed to, even in the Linux world. I am definitely more interested in how this could happen.
- Was Tom-Tom's security breached and were the Trojans injected from the outside?
- How did this pass their QA before release?
Just curious...

0

TomTom are keeping very quiet, choosing only to say that measures have been put in place to prevent it happening again, and that the problem was something to do with the China based production plant.

It is very unlikely that this was an outside attack, and hugely more likely (in my opinion) to have been a case of the quality assurance process, ironically, being to blame. Although it has to be guesswork, so please don't take this as gospel, I am not alone in thinking that a likely scenario is that random units taken off the production line for QA testing were plugged into an infected computer during the process.

The biggest concerns are that the infections are old ones, known about and protected against by the major AV vendors since July 2006, long before the production window here, and the fact that it took this blog posting and the storm of interest that blew up arising from it for TomTom to bother actually putting an advisory on the website to warn its own customers about the potential risk. Even then, the warning (same as posted above) rather pooh-poohs the whole thing, claiming it is a low risk situation. Personally, I don't agree that any Trojan infection is low risk...

0

My experience with TomTom is exactly the same. I have used TomTom on a PDA with 4 version of their software. Terrible, especially the version 3, which was not usable. In France, for example, you could not use it; it kept stopping. After having a stop you had to reset the unit and give in the route. About their support, I still have questions without answers from 3 years ago. You can't give it the name of support; they are just interested in selling systems and new updates for their cards, at a rather high price. They don't bother to answer your questions.
So I bought a MOI 269+ and now I have a system that keeps running. Although TomTom is Dutch, as I am, I think TomTom is junk.

0

I'm afraid I have to agree, TOMTOM's customer service is a joke.
I upgraded my maps to the latest version recently only to find that a major road opened 7 years ago was still marked as being under construction.
On examining the downloaded zip file containing the 'New' map I found that all the files inside that zip were dated in mid 2005.
As the update was late 2007 I do not think that 2 year old files are anywhere near new.
Does not surprise me to find out about the virus incident if their knowledge of dates is anything to go by.

0

I have just received my TomTom Go 920T back from TT support as it had a few issues (this is the second time I have got it back from being supposedly repaired), and it has come back from their workshop with exactly the same Trojan reported all over the net! So either this infection is live and wild inside parts of their network or I was just unlucky enough to have had my TT attached to this singular infected machine (no chance), as all they did to try to repair the fault was change the battery. We shall see if this resolves the original issue or not... Still, I am fuming that this thing came back with an infection on it. Incompetence springs instantly to mind.

0

The original SD card supplied with the TomTom is now showing that there is not enough space to install speed camera updates, so I'd like to use a bigger memory sized SD card to replace the original card. Anyone got a clue how to make the card recognisable to the TomTom, which will enable the device to function properly? Thanks

Edited by Dani: Plug snipped

0

Can an MTP device get infected with a virus or a worm or something of the sort? I just got rid of Fujacks.AK, a virus, and was wondering if my MP3 player would need cleaning, but then I realised that maybe it wasn't infected at all since MTP devices are different and they don't get recognised as mass storage drives and don't even get a letter when connected to the computer. I've got a Philips Go Gear SA1335, in case such information is needed, and my PC runs with WinXP... So, help, anyone?

0

List of software that traces hardware names on our PC? I'm seeking a list of software that can trace the names of hardware installed on our PC. I know one, Belarc Advisor. Can anyone suggest other software like Belarc Advisor?

Edited by Dani: Plug snipped
