TomTom Pulls Windows Malware into Autos

By including at least two Windows viruses in its navigation software, the company may have created automotive and malware history, confirming long-held questions about the security of car-borne computer systems.

The long-running joke about cars breaking down and getting infected by viruses if they ran on Microsoft software appears to have grown closer to reality, as navigation device maker TomTom has admitted the inclusion of two Windows malware variants in one of its products.

On Jan. 29, TomTom, which is based in Amsterdam, conceded that an isolated number of its Go 910 navigation systems may have been infected with Windows malware. According to the company, the viruses, identified by security researchers including F-Secure as the Perlovga.a and Small.qp threats, do not affect the navigation performance of the handhelds.

TomTom reported that the viruses, both of which are considered by researchers to be low risk in nature, found their way into the navigation systems as they were being produced during the fourth quarter of 2006. Company officials did not immediately return calls seeking further details of the incident.

Despite the fact that the Windows viruses pose no known threat to the navigation device, which actually runs on a Linux-based operating system, experts highlighted the landmark nature of the event, as people have been predicting for years that the security issues rampant on PCs would eventually find their way into cars as more and more information technology applications are integrated into vehicles.

The only real threat posed by the TomTom-borne viruses is that people connecting the devices to their PCs could be infected by the attacks. In fact, researchers at F-Secure, an anti-virus software maker based in Helsinki, Finland, said the problem was first discovered when some TomTom customers began receiving notifications from their desktop anti-virus systems when they connected the devices to their PCs. Users can link the navigation systems to desktops to save backups of their travel routes.

Security experts observed that the issue, while not a real threat to autos, is very similar to incidents experienced by Apple, Creative and fast-food giant McDonalds, each of which distributed multimedia players to customers that had malware code hidden inside them.

/zimages/1/28571.gifIBM researchers say software vulnerabilities that allow hackers to exploit popular programs will continue to rise during 2007. Click here to read more.

While such attacks have not caused problems for users, the scenario illustrates the likelihood that security problems, viruses in particular, will begin to migrate onto different machines as attackers find ways to sneak their work onboard.

The big fear with viruses finding their way into automobiles is that someone could potentially use the programs to locate vehicles, break into them, track drivers movements, or even take over navigation systems to lure someone off course and assault them or steal their car.

There is already evidence that hackers have some ability to take over some of the computerized systems offered in more advanced vehicles, with authorities in the United Kingdom contending that thieves used a laptop computer to bypass the locks and ignitions of two BMW SUVs stolen from British soccer star David Beckham in 2006.

The prevailing idea is that computer viruses could be used to do physical and financial harm to people in a manner that may be far worse than the problems caused by malware on PCs, specifically as IT is pushed into automobiles and a litany of other devices that individuals use in their daily lives.

"Its pretty interesting because weve often talked about the possibility of a car getting hit by viruses, and here its sort of happening now," said Patrik Runald, senior security specialist at F-Secure. "This is really just an embarrassment for TomTom, versus a threat, but it gives us an idea of how this sort of thing can actually happen."

Next Page: Next up: On-board entertainment systems?