WTF? Energizer battery charger contains backdoor? « adafruit industries blog

WTF? Energizer battery charger contains backdoor?

Energizer Duo
What.the.f*ck…Energizer battery charger contains backdoor

The United States Computer Emergency Response Team (US-CERT) has warned that the software included in the Energizer DUO USB battery charger contains a backdoor that allows unauthorized remote system access. In an advisory, the US-CERT warned that he installer for the Energizer DUO software places the file UsbCharger.dll in the application’s directory and Arucer.dll in the Windows system32 directory. An attacker is able to remotely control a system, including the ability to list directories, send and receive files, and execute programs. The backdoor operates with the privileges of the logged-on user.

This is the best reason to pick an open source charger of any kind, like the MintyBoost (not batteries, just devices until the new version :) . The MintyBoost will not install software and not trojan your computer.

Filed under: mintyboost, open source hardware — by adafruit, posted March 9, 2010 at 2:28 pm

8 Comments »

  1. Lameeeee

    Comment by Dylan Cupedo — March 9, 2010 @ 3:05 pm

  2. That’s just frack’n lovely.

    Comment by dataman — March 9, 2010 @ 3:18 pm

  3. Why a battery charger even requires software like that is beyond me – can’t you just enumerate as an HID and negotiate up to 500mA?

    The device in question is the opposite of the current MintyBoost, though – it charges AAs / AAAs from USB, not vice versa.

    Comment by Randy — March 9, 2010 @ 3:37 pm

  4. How is a MintyBoost the same as this device? It looks to me like a battery charger and not a device that uses batteries to charge USB devices?
    True, stupid software mistake but do not realy see the connection with a MintyBoost. Or maybe you could use a MintyBoost to charge your batteries? Now that would be stupid! ;)

    Comment by Marius — March 9, 2010 @ 4:00 pm

  5. @marius – we said open source “like” the mintyboost, encourage open source so things like this does not happen.

    Comment by adafruit — March 9, 2010 @ 4:29 pm

  6. Why do you even need software to run a Nicad charger? With all the various chips out there such as those available from Maxim, it’s all built into the silicon anyway, all the USB port needs to provide is power.

    Sounds like an over-engineered solution that got combined with a software developer’s infected system to produce malware installation disks that also installed the support software for the charger. Brrrrh!

    Comment by Sean — March 9, 2010 @ 5:16 pm

  7. I’ve actually got one of these. Firstly, the mintyboost charges a device like an iPod. Whereas the Energizer charges batteries.

    Secondly, the software tells you how charged your batteries are. However the software is definitely poorly made. The readme had 4 typo’s in it at least.

    Comment by Arthur — March 9, 2010 @ 6:55 pm

  8. Jees, backdoor access via a usb battery charger! Really a big flaw.

    Comment by indiatechnews — March 9, 2010 @ 9:09 pm

RSS feed for comments on this post. TrackBack URL

Leave a comment

Prove you are human by reading this resistor:
0Ω+/- 5%

0
0
1
2
3
4
5
6
7
8
9

0
0
1
2
3
4
5
6
7
8
9

0
0
1
2
3
4
5
6
7
8
9

5
5
10
20

Match the sliders on the left to each color band on the resistor.

Click Here for a new resistor image.

New to electronics? Click here to learn how to read resistor values.

www.flickr.com
adafruit's items Go to adafruit's photostream
www.flickr.com
items in Adafruits More in Adafruits pool