Preinstalled Malware

   Anyone who has purchased a new computer in the last 20 years has faced the same annoyance: tons of preinstalled software that comes with the system.  Most users find themselves spending the first few hours with their new computer deleting this software (or even reformatting the hard drive to install a clean version of the operating system).  Now even more devices come preinstalled with something even worse: malware.

   At a hearing in the U.S. Congress last week, an official with the Department of Homeland Security (DHS) acknowledged that there is a persistent threat of pre-existent malware on computers and other electronic devices imported and sold in the U.S.  The problem is that the supply chain for electronic equipment has many stops (product development, manufacturing, assembly, etc.) with numerous middlemen all touching the equipment in locations around the globe.  Protecting the security of a device as it moves through the chain is extremely difficult.  And it does not include just computer hard disk drives with a preinstalled virus; it can also include network equipment that may have a hidden back door {Chapter 4 Security+ 3ed} or an electronic photo frame that infects a USB flash drive used to transfer the photos {Chapter 1 Security+ 3ed}.

   The DHS official went on to say that there are several federal efforts already under way to diminish this risk.  For example, the DHS and Department of Defense (DoD) have assembled a task force to identify "short-term mitigation strategies", as well as working with the private sector to monitor the supply chain.

   Stay secure!

http://www.cengage.com/infosec