TomTom Admits Satnav Device Infected With Virus

miserableles writes "TomTom has admitted to a UK security journalist that a number of GO 910 satellite navigation units shipped with two Trojans installed on the hard drive. But still no sign of an official warning on the TomTom website."

So thats why

[Anonymous Coward]

my GPS keeps leading me to a discount Viagra/Rolex Watch warehouse/stock broker!

which version did you get?

[macadamia_harold]

my GPS keeps leading me to a discount Viagra/Rolex Watch warehouse/stock broker!

Really? Mine just leads me to h0t s3xy s!uts. Which is entirely fine with me.

Re:

[Funkcikle]

Drive 100m up Trolley Loop. Now take a left. Honest, it's safe. [google.co.uk]

Re:

[theshowmecanuck]

I found it interesting that the bubble on the arrow said 'Niagra Falls, U.S.A.' and pointed to the Canadian side of the falls.

Re:which version did you get?

[Flendon]

I found it interesting that the bubble on the arrow said 'Niagra Falls, U.S.A.' and pointed to the Canadian side of the falls.

That's odd. My map says Viagra Falls...

Re:

[sethstorm]

I thought it was just antialiasing the N.

Viagra Falls

[pionzypher]

Aren't those two terms supposed to be mutually exclusive?

Re:

[Mister Transistor]

Slowwwwwly I turned...

Step by Step...

Inch by Inch...

Re:

[Tablizer]

my GPS keeps leading me to a discount Viagra

That's not spam, that's your girlfriend dropping you an IM clue.
   

Re:

[8ball629]

Mine actually leads me to the same place but at the same time it quotes various novels that have nothing to do with the destination!

The device cannot infect other devices or

[solitu]

your computer. So essentially this is a dead virus.

Re:

[Anonymous Coward]

Youre missing the point. These are brand new infected devices out of the box. And as for the viral nature, newer GPS devices now have bluetooth and GSM connectivity installed.

Re:

[Excelcia]

If the trojan is active, it can make the device vulnerable to control in a way it's not designed to. The device is bluetooth capable, so this introduces at least the possibility of remote attacks. If they are simply present but not active, then yes, this is mostly harmless.

Re:The device cannot infect other devices or

[speculatrix]

tomtom devices act as usb mass storage devices so you can copy s/w, map updates and speed camera POIs to them; thus the device won't actively infect, but can be a vector for infected files.

Re:

[mrmeval]

So I can't make the _insert evil person here_ drive _off the pier_, _into the train_, _through a political rally_?

Even so it's not TomTom but DumDum.

Security measures?

[Original Replica]

Umm, so do they keep a track log of where you have been? Could these trojans be backdoors for downloading those logs? I would like to write this off as paranoid, but that does seem a likely next step for Big Brother.

Re:

[speculatrix]

do they keep a track log?

there's no feature (or isn't in tomtom 5 which is what I have), but you can add it - look at www.opentom.org for the third party app from amacri.

garmin handhelds do have a breadcrumb trail feature built in, and can even convert it to a route for you

Re:

[Yer Mom]

Yes, they do keep a log — the TomTom Home software asks permission to upload anonymised logs when you connect it for the first time (with the latest software on the satnav). The idea is that it will allow them to spot areas where people are using local knowledge to take a faster route (such as avoiding streets often blocked by bad parking)

Just how anonymised it actually is, of course, I don't know. Nor do I know if the software tries to send the data even if you say "no". But the trojans are probably

Of course no warnings...

[Excelcia]

Of course no warnings. Warnings only come out after the lawyers are consulted. One must, after all, get one's priorities straight.

Re:

[UnrefinedLayman]

Of course the lawyers get consulted first. The litigious society in which we live dictates it. People at zoos who climb over fences, moats, pits and fire traps past multiple signs that say "Do not go beyond this sign or you will be eaten" successfully sue the zoo when the lion bites their hand off.

One misstep in any direction by a company can result in being sued out of business so the lawyers are consulted first. That makes the company evil. People will sue over any perceived injury. That makes people e

Re:

[Excelcia]

People are also apt to sue if they buy a product and find out that the manufacturer knew of some issue, like a virus, and sat on that info. In fact, I think I'd be more apt to sue in that instance than if they did notify people.

For any corporation, the first question the execs have for their lawyer when they discover a flaw in their product is "if we don't warn the public, will our lawsuit damages exceed the loss of sales if we do warn the public". The problem is, they ask this question whether it is an

I wonder...

[Creepy Crawler]

If people would be willing to sue via Computer Hacking laws against Tom Tom? If not have it a tort case, why not make it a criminal case? The fact that they knew about it, and covered it up shows guilt.

These devices are going for ~540$ and with installed viruses to boot. Nice.

Re:

[WrongSizeGlass]

These devices are going for ~540$ and with installed viruses to boot.

For that money I can get a low-end iPhone and have $41 left to buy my own viruses ... if we were only allowed to install 3rd party apps.

Re:

[Tony Hoyle]

For that money I can get a low-end iPhone and have $41 left to buy my own viruses ... if only the iphone was an in-car GPS system and not a phone

There, fixed it for you.

Re:

[Linker3000]

Skip the over-priced, 'fanboy' stuff and get something functional like an HTC Hermes/TyTN that's a phone and can also run Tomtom in conjunction with a bluetooth/GPS dongle. Being WM5-based it can also play your music and videos, do your email etc. etc.

Wonder if it happened like on the iPod

[sokoban]

I guess that is the second major consumer electronics device which has shipped with installed viruses. I imagine if the number of infected devices is really small they probably were infected in the same way as the iPod. Yet another reminder of how shoddy some of the conditions are where all of our nice little gadgets are made.

Re:

[flyingfsck]

There has been many. Lotus123 shipped virus infested disks many, many years ago.

Re:

[gnasher719]

'' I guess that is the second major consumer electronics device which has shipped with installed viruses. I imagine if the number of infected devices is really small they probably were infected in the same way as the iPod. Yet another reminder of how shoddy some of the conditions are where all of our nice little gadgets are made. ''

They are not really shoddy. In the iPod case, some quality control department used PCs running Windows that were infected and copied trojans to any mass storage device that was a

You think that's bad...

[Khyber]

Think about the places where those devices get REPAIRED. I've been on both ends of the stick, I'd rather work in the manufacturing plant than the repair depot. The manufacturing plants tend to be cleaner, while the repair depots get really junky. You never know what sorts of seedy CD swapping to test optical drives, or what kind of USB device is plugged in, all kinds of various means of infection.

Should I?

[Anonymous Coward]

Tom Tom, should I send $20,000 to Sebo in Nigeria?

Re:Don't use a consumer OS to do an RTOS job

[KD5UZZ]

Linux [tomtom.com]

Re:Don't use a consumer OS to do an RTOS job

[interiot]

As someone else noted, it runs Linux [tomtom.com]. So the virus really is just on the hard drive, so it can execute on computers that attach to the unit, but the virus doesn't actually execute on the GPS unit.

Re:

[speculatrix]

it's irrelevant to the case in point, as it can act as usb mass storage and thus be carrying infected files.

actually, it's running linux - tomtom's gpl page [tomtom.com]. Also take not of OpenTom [opentom.org], a team of 3rd party tomtom hackers.

Re:

[Animats]

It can act as usb mass storage and thus be carrying infected files.

Did they export the whole drive, or what? One would expect they'd export an empty file system, onto which one could load music or other content, and provide some means to reset it to empty if it became corrupted.

Re:

[speculatrix]

it exports the whole of the sd card, one of the files there is an encapsulated linux boot image. why? because tomtom allow you to update the OS on the machine as well as the maps. when running in usb mass store, the navigation s/w isn't running.

Re:

[UtucXul]

As the other replies say, the TomTom runs Linux. But I can tell you that my experience with a Magellan Roadmate GPS and Windows CE [blogspot.com], and that has just about all the stability I remember from my long distant days of Windows 98.

Re:

[nmg196]

What the hell are you talking about? It runs Linux you idiot (ever heard of that?).

> Clearly, not only is the virus "on the hard drive", but it actually gets executed.

Says WHO? Now you're just making stuff up.

is anyone taking responsibility?

[v1]

The first link, the letter from tomtom, does refer users to a couple free antivirus removal tools that will remove the virus, but other than that, I wonder how much responsibility tomtom will take for getting their customers' PCs infected? If you are a businessman and have taken your tomtom into work and connected to the local network to update your maps for your scheduled sales calls and have now infected the entire company network with viruses, I wonder how much of a problem this will cause and what tomtom would do about it? "Sorry sucker, thanks for purchasing our product, please come again."

I am also a little interested in seeing how tomtom follows this up. There was a report a few months ago about a few ipods shipping with something nasty, and Apple tracked them down all the way to the imaging workstation that started the outbreak. Judging by how tomtom is trying to sweep this one under the rug, I rather doubt they are exercising due diligence. At the very least someone should get fired - either the yutz that violated company policy and brought in his flash drive etc, or the director that didn't have any policies in place to start with. More than likely both are at fault but the guy with the flash drive will wind up taking the fall.

Re:

[oso]

You could take them to court... if you can show that you have been damaged. In this case, I don't think that you will get far, as there appears to be no way to "get infected" by attaching the device to your computer and using it in a regular fashion.

I suppose that you could purposefully infect your computer by actually launching the virus files... but I'm sure somewhere along the court process someone will ask you why you executed the program :)

Re:

[Acid-Duck]

Anyone who's got a decent policy in regards to the workplace network, will have a rule in their policy which reads something like this:

Hardware other then the one which is office supplied may not be connected to the network until it has been verified/approved by the IT staff.

If they don't have that type of rule in their policy they should just hire someone more competant.. If you are the IT staff I guess you should start looking for another job if you someone infected the network.

Do you know where you're going today?

[p00ked]

What a coincidence, so do they!

New Tom Tom Commercial

[laurent420]

Tom Tom, can i SYN flood across the atlantic trunk? Tom Tom, DDoS Amazon. Tom Tom, spam 4million email addresses.

Re:

[Megane]

I think I'll stick with Steve Steve or Tux Tux.

asking for help gone teribly wrong

[v1]

At a forum for tomtom help at http://www.expansys.com/ft.aspx?i=112333&thread=27 96 [expansys.com], a user asks,

this is my first post, when trying to download the map of western europe v6.6 direct from TomTom Home site to my PC the following message appears '' an error occurred while dowloading this file: read error., followed by the options ''continue'' or ''cancel.

Can anyone help me with this problem?

His first reply:

Disable your firewall and anti virus and see if that helps.

Silly windows users.

Controlling it

[Mantrid42]

The server that controls the virus will be called "Ground Control".

Well duh!

[$RANDOMLUSER]

Just look at the name: Satanv. What could go wrong?

Re:

[BSDetector]

Obviously dyslexia is a ailment common to Slashdotters.

About TomTom

[maggard]

I've been a happy owner of a TomTom 300 for a couple of years. It's a dashboard-mounted Linux-based satnav system. When I went shopping for a device like this several years ago I was impressed by the TomTom's UI & audio quality, both more important to me when using it then lots of rarely used features.

For those who don't understand why anyone would want a satnav system, its been a huge benefit to me. Not only does it guide me point to point, particularly when it's to or from a point I'm not familiar with, it also informs me of services near me. For example the other night I met friends at a cinema I'd never been to before. I was able to quickly navigate to it without having to refer to a printed Google map. After the show we were able to quickly chose nearby restaurant without having to roam around in a convoy. I was then able to simply chose "Home" as the destination from my new location. On the way home I was low on fuel; with the TomTom I was able to skip the first exit promising gas (the TomTom showed it was actually a mile away) and continue to the next exit, with 2 gas stations conveniently by the exits.

TomTom Corp.is out of Belgium, which is reflected in their multilingual features & mapsets. They've been fairly hacker friendly and there are a number of 3rd party addon packages that have shown up over the years. TomTom has a history of hiring those hackers and bringing them in-house.

Their software runs on both Linux & Windows CE. Indeed from what I've seen it is fairly agnostic about either platform and offers the same feature sets on both. They also have a free desktop application for adding & removing maps, updating firmware & software, adding custom voices, etc. This started out on MS Windows and is now also offered on MacOS X.

So far I've been extremely happy with my purchase. The biggest problem has been significant highway construction; my maps are now several years old and don't reflect current routes. However TomTom has recently announced updated maps which I'll be purchasing. My only concern is they issued a press release touting a significant discount for the introduction of these maps, a press release which has since disappeared from their website.

In the years since my model 300 shipped they've now added models with built-in hard drives, Bluetooth for integration with phones, radios, car services like headlights, and via phones downloading traffic updates for dynamic route optimization. This hard drive is apparently what has been affected.

Re:

[ilikejam]

This message brought to you by TomTom International BV.

Re:

[Spacezilla]

You're right, that was a really strange post, especially the "For those who don't understand why anyone would want a satnav system" part. I live in northern Europe and almost everyone here who owns a car also owns one of these, yet this guy makes it sound like it's some kind of new, mysterious device that no one can see the point of.

Hm...

"For those who don't understand why anyone would want a satnav system"

Nope, it still sounds very weird.

Re:

[ilikejam]

FWIW, I own a 'TomTom One' and it's really quite impressive.

This message brought to you by me.

Re:

[Tony Hoyle]

Even the taxi drivers have them now...

Maybe in the US they're not so common but elsewhere they're basically a required addon.

it's not strange at all

[Artifex]

It's not new to you because of where you live. In the US, it's still something of a big deal to have a car with nav. (I suspect less than 10% of cars actually on the road here have it built-in). It wasn't an option when I bought my car, and in fact my parents' new car from the same line is our family's first to have it.

How come positive reviews of products are given such a suspicious eye, that even when the post is from a four-digit ID with a long posting history (and website you can visit to check his credentials), it's seen as astroturfing?

Get a grip, guys.

Re:

[Mung Victim]

It's not new to you because of where you live. In the US, it's still something of a big deal to have a car with nav

I'm surprised by this. As the GP suggested, satnav is rapidly becoming ubiquitous in this part of the world (I'm in the UK), either in the form of built-in units on newer cars or as portable devices like Tom-Toms. I'd be really interested to know why it hasn't taken off in the same way in the US. Is it because the road systems are generally simpler, or what?

Re:

[ivan256]

It seems to be because American car companies tried to implement technology that had a recurring revenue model. GPS navigation signals are free, and once you've sold the device there are typically no more checks in the mail (most users don't update their maps). Now that customers have largely rejected the recurring revenue model of OnStar and the like (having seen the GPS systems available on Japanese and European cars) Nav systems are becoming more common.

If the US had such a wide range of wireless provide

Re:

[Weh]

isn't denmark considered a part of scandinavia?

Re:

[maggard]

That's right jackass, I've been on /. all these years just to astroturf for TomTom; user 5579, 1100+ comments, it's been a setup all along, you finally figured me out.

Less sarcastically, your implications are unjustified and rude.

As to why I justified a GPS, the last time [slashdot.org] GPS units came up on /. a buncha folks whined how superfluous they are, that a printed map should be good enough for anyone, etc. So I figured I'd recap why I so like mine.

But hey, its easier to publicly imply unethical misrepresentation

Re:

[Breakfast Pants]

Your post came off as an advertisement to me as well. It didn't sound like a real user was telling me about it, but rather, it felt like I was being beaten over the head by the marketing department at TomTom.

Re:

[Spacezilla]

As to why I justified a GPS, the last time [slashdot.org] GPS units came up on /. a buncha folks whined how superfluous they are, that a printed map should be good enough for anyone, etc. So I figured I'd recap why I so like mine.

All right, just sounded strange to me too, guess it's a different culture over there. Here I think it would be harder to explain to people why anyone would need a PC than why they'd need a satnav unit. :)

So, as requested: Sorry, it was a misunderstanding. :)

Re:

[ilikejam]

Calm yourself.

'This message brought to you by X' posts are jokes. Someone who's been on /. all these years should know that by now.

Re:

[garcia]

IMHO, you're better off skipping the satnav systems built specifically for car use and should instead invest in a handheld GPS unit from one of the other companies.

A color Garmin with autorouting will run you about $300 and is about $100 less than an similar TomTom unit. You won't get voice prompting (which I would turn off anyway -- using a laptop running Streets and Trips or any of the other route software with voice actuation is annoying for any city driving) and the screen won't be quite as large but I

Still TomTom for me

[maggard]

Thanks for your thoughts, however I expect my next satnav will also be a TomTom.

Nothing against the other brands, but so far the TomTom's feature set has really matched my needs.

I really really like the speaker on my TomTom 300. Yeah, it's big, indeed its the whole back of the device. The thing looks like a first generation iMac with the big hump behind the screen. But that speaker is clear , I can hear the directions with the windows open, the radio playing, etc.

Not everyone likes voice navigation bu

Re:

[dagda76]

I travel about 25% of the time and I also use the TomTom 300. I always use the voice navigation and rarely look at the screen.

Re:

[autophile]

TomTom Corp.is out of Belgium, which is reflected in their multilingual features & mapsets. They've been fairly hacker friendly and there are a number of 3rd party addon packages that have shown up over the years.

That's for sure!

--Rob

Re:

[Weh]

tom tom is dutch, not belgian.

Re:

[vinlud]

Dutch, TomTom is Dutch (Netherlands!) :)

Not the official TomTom website

[iow]

Disclaimer: I work for TomTom. Please note that www.tomtomgo910.co.uk is not the official TomTom website. It seems to be a landing page for easydevices.co.uk since the 'order now' links points to there. The official site can be found here: http://www.tomtom.com/ [tomtom.com]

Re:

[Blue0ctane]

But it's where the GPS directed me to go!

Still isn't any information there

[mrmeval]

0 Results for All-in-one navigation , TomTom GO 910 , Update/Upgrade - virus
Unfortunately we were unable to find any answers that could solve the question you have asked.

Is It Running On Vista?

[SkyDude]

I'm thinking maybe an alien infected the GPS satellite as revenge for Jeff Goldblum and Will Smith infecting the mother ship. Or maybe it's running on Vista.

Tom Tom !

[Nitroadict]

Wheeeeeere is my automobile?!

Re:

[QuasiEvil]

I don't know - having a couple spares in the car could have come in handy at a few points in my history...

"Tom Tom, should I use protection?"

TomTom are slack bastards with a promising product

[Mal Reynolds]

I'll be shocked if TomTom get out in front of this issue and proactively try to alert their customer base to the problem.

TomTom does produce a decent product, but they are the epitome of Slack Bastards when it comes to supporting their goods.

It's impossible to reach TomTom on the phone, they tend not to answer e-mail, and their web site is such a muddle that finding updates and information is nearly impossible. They don't even have a user forum. Their web site is so convoluted, even finding out

Re:TomTom are slack bastards with a promising prod

[feld]

It's impossible to reach TomTom on the phone, they tend not to answer e-mail, and their web site is such a muddle that finding updates and information is nearly impossible. They don't even have a user forum. Their web site is so convoluted, even finding out how and where to purchase map updates is an exercise in extreme tedium.

Wow that IS difficult! Tomtom.com Click your country. Click Maps. Click Buy Maps. Jesus I've never seen anything so difficult!!!!

Re:

[Mal Reynolds]

Try to buy maps for TomTom 5... Can't do it can you? Try to find out how recent the map data is for the various updated maps they are selling. You won't find that either. If you already have TomTom Nav 5 and want the new maps, what should you do? It's a bit clearer now, but for months it was not.

Through trial and error I found out that purchasing new maps for TomTom 5 required a complete software update to TomTom 6. But TomTom refused to say whether version 6 would even run on all the devices t

Re:

[feld]

ahh well that's a little bit clearer now.

too bad it has to be like that... sounds like they could be a better company!

Re:

[Grimbleton]

Flamebait? FLAMEBAIT?! http://en.wikipedia.org/wiki/Trojan_War [wikipedia.org] I highly recommend this.

Notice is posted

[lscotte]

The notice IS posted on the official tomtom website: http://www.tomtom.com/news/category.php?ID=2&NID=3 49&Language=1 [tomtom.com]