TomTom ships malware on sat-nav

Summary:Satellite navigation and services company has admitted shipping two Trojans on a number of its devices

Satellite navigation company TomTom has admitted that it has shipped two viruses on a number of its devices.

According to the company, a "small number" of TomTom GO 910 satellite navigation devices were shipped last year with malware pre-installed.

"It has come to our attention that a small, isolated number of TomTom GO 910s, produced between September and November 2006, may be infected with a virus. Appropriate actions have been taken to make sure this is prevented from happening again in the future," said TomTom in a statement.

According to tech journalist Davey Winder, who blogged about the problem, the GO 910 units were running version 6.51 of TomTom's software. Winder found that the two pieces of malware are win32.Perlovga.A Trojan and TR/Drop.Small.qp, and are resident on the sat-nav hard drive within the copy.exe and host.exe files.

Winder reported that when a user complained to TomTom about the security breach, he was told that the problem was not serious, and advised to remove the Trojans with antivirus software.

TomTom had not confirmed the exact viruses present in the copy.exe and host.exe files at the time of writing, but did highly recommend that all TomTom GO 910 customers update their antivirus software and, if a virus is detected, allow the antivirus software to remove the host.exe and copy.exe files, or any other variants.

Antivirus vendors were unable to confirm exactly what the viruses do at the time of writing, but TomTom said in a statement that they "present an extremely low risk to customers' computers or the TomTom GO 910".

"To date, no cases of problems caused by the viruses are known," claimed TomTom.

The TomTom devices run on Linux, while the two viruses are Windows-based. Users will only be aware that their sat-nav is infected if they connect the device to a PC running antivirus software; for example, to back up their content.

TomTom claims that both the host.exe and copy.exe files can safely be removed from the device with antivirus software. The company has warned the files should not be removed manually, as they are not part of the standard installed software on a TomTom GO 910. They present no danger while driving with the TomTom GO 910, the company claimed.

TomTom also recommended that people without antivirus protection should download free antivirus software from Kaspersky or Symantec.

TomTom was unable to tell ZDNet UK how the devices became infected. Graham Cluley, senior technology consultant at antivirus vendor Sophos, said the devices could have become infected during the quality assurance process.

As only a small number of devices are known to have been infected, Cluley said devices chosen for quality control could have been plugged into an infected PC within the organisation during a quality assurance test.

"It's not likely they were deliberately infected, because of the small number of devices affected," said Cluley.

TomTom has posted a statement regarding the affected devices on its website.

Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.