Modern tech seems plagued by product recalls, security vulnerabilities and other flaws. Jonathan Parkyn explains how to protect yourself from dodgy devices
When you buy a PC, laptop, tablet or any another device, the last thing you expect is for it to spy on you, expose you to security risks or catch fire. But a recent spate of horror stories in the news points to a worrying trend for faulty product lines and devices that are sold with built-in vulnerabilities, effectively turning your computer into a ticking time bomb.
But why is this happening? Which manufacturers are the worst offenders? And what can you do to protect yourself from potentially dangerous devices? Read on to find out.
Is your PC preloaded with malware?
Like many manufacturers, Lenovo pre-loads its PCs with all kinds of junk that you’ll likely never use (see our article for advice on how to remove it). Sadly, there’s nothing unusual about that, except that Lenovo went one step further than everyone else by bundling all of its laptops with malware.
According to Lenovo (www.snipca.com/19981), the malware in question – an advertising tool called Superfish Visual Search – was supposed to be “a technology that helps users find and discover products visually”. However, it was subsequently found that the software hijacked secure web connections and injected adverts into people’s browsers. Not only that, but one security expert revealed that the software’s security-certificate password could be easily cracked, exposing Lenovo’s customers to hackers and identity thieves (www.snipca.com/19982).
Lenovo was no doubt hoping to generate income from advertising revenue when it added Superfish to its PCs. But the tool, which has now been identified as malware by more than 20 leading antivirus services (www.snipca.com/19983), was removed in February 2015 and the company apologised (www.snipca.com/19986).
If you bought a Lenovo laptop prior to the scandal, you can check whether Superfish is lurking somewhere on your computer by visiting the online checker at lastpass.com/superfish. Annoyingly, if the online tool finds Superfish on your system, you can’t just uninstall it. Instead, you need to download and run Lenovo’s special removal tool (www.snipca.com/19985), then visit the online checker again to test that the removal has been successful.
Was your PC sold with security flaws?
Unbelievably, Lenovo came under fire again more recently when it was revealed that the Lenovo Solution Center – more unnecessary software that comes pre-installed on the company’s PCs – contained vulnerabilities that could hand control of your PC to hackers.
The flaw, uncovered last December by a hacker called Slipstream, potentially lets criminals remotely hijack your computer via an infected web page. To fix the Solution Center vulnerability, follow Lenovo’s instructions at www.snipca.com/19990.
Lenovo isn’t the only PC manufacturer guilty of shipping devices that are full of security holes. In December, Toshiba admitted that security weaknesses in its pre-loaded Toshiba Service Station software “could allow unauthorised access to the affected PC’s system registry”. See www.snipca.com/19998 for more on the problem, including links to an updated, malware-free version of Service Station.
In November last year, Dell PCs were found to have vulnerabilities similar to that of Superfish. In an official statement (www.snipca.com/20002), Dell said that the ‘eDellRoot’ tool was added to make it easier for its support staff to identify the PC model they were trying to fix. But it also allowed hackers to steal the personal data of Dell’s customers over public Wi-Fi connections.
No sooner was this vulnerability revealed, than a second threat was exposed on Dell PCs in the shape of the ‘DSDTestProvider’ certificate – part of a bundled program called Dell System Detect. If you own a Dell PC, you can check for, and fix, both vulnerabilities via Dell’s support page (www.snipca.com/20006).
Are your accessories unsafe?
Even if your PC is unaffected by manufacturer failings, you may own other devices that make you vulnerable. Earlier this year, for example, wireless mice and keyboards from a wide range of manufacturers (including Microsoft, Logitech and, yet again, Lenovo) were found to be susceptible to being hacked from up to 100 metres away. The flaw, discovered in USB sticks used to connect wireless peripherals to PCs, effectively hands criminals control of your PC.
Known as ‘mousejacking’, it lets hackers remotely access your PC in order to steal data or install malware on your PC remotely. For more on this problem, go to www.mousejack.com and for a list of vulnerable devices, visit www.snipca.com/20007.
Elsewhere, a recent research project uncovered potential security flaws in more than a dozen current Netgear and D-Link routers (www.snipca.com/20008). Netgear has promised to issue a firmware update to fix affected models. If you own one of the devices listed, contact the relevant manufacturer immediately.
As with all security vulnerabilities, keeping your devices updated is the best protection. However, updates can sometimes introduce fresh defects of their own, as Microsoft’s recent Windows 10 gaffe proves. Could your device catch fire?
Being put at risk by a potential security flaw is one thing. But a device that puts your entire family in danger because it is a fire hazard is altogether more worrying. Sadly, this continues to be a widespread problem – and it isn’t just cheap knock-off products that you need to worry about.
Microsoft, Apple, Amazon and many other leading tech companies have all been forced to issue product recalls for defective devices since the turn of the year, often requiring users to replace a charging unit. For instance, the power adapters provided with Amazon’s somewhat ironically named Fire 7-inch tablets – including a Kids Edition model – were recently found “in rare cases” to cause electrical shocks. Check www.snipca.com/20010 to find out if your adapter is affected and what you should do if it is.
Similarly, Microsoft is urging owners of certain Surface Pro 1, 2 and 3 devices to apply for a free replacement power cord (www.snipca.com/20011), after reports that the power unit originally supplied with the tablets is prone to overheating and could be a fire risk.
How to stay safe
These are just a couple of recent examples in what is a rising trend. One of the biggest problems is knowing when a device you own has been identified as faulty. According to UK charity Electrical Safety First, the average success rate of an electrical product recall is just 10-20 per cent, meaning that there could be millions of defective devices in use in homes all over the country.
The best way to protect yourself is to register any device you buy with the manufacturer – most products provide info on how to do this in the supplied literature. It’s usually a question of visiting the manufacturer’s website and entering your details. This can seem like a hassle, but it means that if your device is ever found to be dangerous or defective, the company will be able to contact you.
You can also visit Electrical Safety First’s product checker (www.snipca.com/20014) and the Chartered Trading Standards website (www.snipca.com/20015) to read about the latest recall campaigns. And, if you suspect a device or its power adapter is faulty, then let the manufacturer know right away.
COULD AN UPDATE KILL YOUR DEVICE?
Updates are supposed to improve devices and make them safer – not break them altogether. Try telling that to Microsoft. The company, having recently made updates compulsory for Windows 10 devices, managed to release one that caused its own laptops – the Microsoft Surface Pro 3 and 4 – to freeze completely. Luckily, the update in question (Build 14279) wasn’t intended for general consumption; it was rolled out to Windows Insiders for testing in early March. In a subsequent blog post (www.snipca.com/19980), Microsoft acknowledged the flaw and provided a fix for affected devices (holding down the power button to force a hard reboot).