TomTom admits it shipped malware on devices

Satellite navigation and services company has admitted shipping two Trojans on a number of its devices.
Written by Tom Espiner, Contributor

Satellite navigation company TomTom has admitted that it shipped two viruses on a number of its devices.

According to the company, a "small number" of TomTom GO 910 satellite navigation devices were shipped last year with malware pre-installed.

"It has come to our attention that a small, isolated number of TomTom GO 910s, produced between September and November 2006, may be infected with a virus. Appropriate actions have been taken to make sure this is prevented from happening again in the future," said TomTom in a statement.

According to tech journalist Davey Winder, who blogged about the problem, the GO 910 units were running version 6.51 of TomTom's software. Winder found that the two pieces of malware are win32.Perlovga.A Trojan and TR/Drop.Small.qp, and are resident on the sat-nav hard drive within the copy.exe and host.exe files.

Winder reported that when a user complained to TomTom about the security breach, he was told that the problem was not serious, and advised to remove the Trojans with antivirus software.

TomTom had not confirmed the exact viruses present in the copy.exe and host.exe files at the time of writing, but did highly recommend that all TomTom GO 910 customers update their antivirus software and, if a virus is detected, allow the antivirus software to remove the host.exe and copy.exe files, or any other variants.

Antivirus vendors were unable to confirm exactly what the viruses do at the time of writing, but TomTom said in a statement that they "present an extremely low risk to customers' computers or the TomTom GO 910".

"To date, no cases of problems caused by the viruses are known," claimed TomTom.

The TomTom devices run on Linux, while the two viruses are Windows-based. Users will only be aware that their sat-nav is infected if they connect the device to a PC running antivirus software; for example, to back up their content.

TomTom claims that both the host.exe and copy.exe files can safely be removed from the device with antivirus software. The company has warned the files should not be removed manually, as they are not part of the standard installed software on a TomTom GO 910. They present no danger while driving with the TomTom GO 910, the company claimed.

TomTom also recommended that people without antivirus protection should download free antivirus software from Kaspersky or Symantec.

TomTom was unable to tell ZDNet UK how the devices became infected. Graham Cluley, senior technology consultant at antivirus vendor Sophos, said the devices could have become infected during the quality assurance process.

As only a small number of devices are known to have been infected, Cluley said devices chosen for quality control could have been plugged into an infected PC within the organization during a quality assurance test.

"It's not likely they were deliberately infected, because of the small number of devices affected," said Cluley.

TomTom has posted a statement regarding the affected devices on its Web site.

Editorial standards