Energizer battery rechargers still haunted by trojan backdoor
"It keeps going and going and going" may be the slogan coined for Energizer batteries, but the same holds true for a nasty trojan backdoor that mysteriously slipped into software used to monitor rechargeable versions of the product. Almost two weeks after a red-faced Energizer admitted its Duo USB battery charger installed a …
What a joke. Also software to monitor a battery charger? Fail.
Although I have the Mac version, it's old and it's so buggy that it's virtually useless the software does have one benefit - when one battery is duff it tells you which one.
Apart from that, there's no need for the software - when it's charged the unit tells you.
Nuff said
"Sometimes, the low-tech - or no-tech - solution is the way to go."
Indeed.
Battery chargers need no software, ever. A little extra circuitry that says "I'm charged", with an LED indicator is useful, occasionally. A little extra circuitry that knows when to go from "full-on" charge to "trickle" is useful, occasionally, also with LED indicators. Anything else is marketing bullshit.
With all the talk of cyber-this and cyber-that, I often remember the opening story from "Burning Chrome". It says ...
"If they think you're crude, go technical; if they think you're technical, go crude. I'm a very technical boy. So I decided to get as crude as possible."
http://project.cyberpunk.ru/lib/johnny_mnemonic/
So battery chargers need software for wtf exactly?
Any sw in a smart charger should be well tested firmware, built in.
Mistreated batteries go on fire or explode.
Why in the world would I want to charge batteries off USB anyway? Am I supposed to drain my lappie's batty on the go just to charge some AAs that I can pick up just about anywhere? Are we really that deprived of outlets? The mind boggles!
Usually these things do AAA and AA batteries.
Uses I have found (for the hard of imagination):
- Useful to have on my desk to charge batteries in wireless mouse/keyboard without having to work out where the normal mains charger has wandered to now.
- Useful to carry with me when travelling as most of my other portable devices can be run or charged from USB. Buy one combo mains plug that does worldwide socket conversion and gives me 2 USB charging ports and I barely need to carry any other plugs.
- Sods Law means your AA/AAA device will run out of power when the shops are shut. If you only have a laptop, you might find a useful trade-off in draining the laptop power to charge batteries for something else.
- Again travelling; on mass transport that provides power there are often very few outlets so you have one less choice to make as to what you want to plug in. Would you charge your batteries and flatten your laptop battery or run your laptop and buy more batteries?
Do you understand why rechargeable batteries are generally better for the environment and your pocket?
I have a USB charger for my phone, saves me packing even more bulky crap to get though airport security. When I got back to the airport to find my car battery flat and my phone almost likewise, being able to power the phone from the laptop for long enough to call the roadside assistance was more than useful.
But whatever happened to plugging them in at the wall and waiting for the LED to change colour?
Malware that will cause batteries to explode?
Oh wait.....
Mine's the one that has just burst into flames.
"Battery chargers need no software, ever"
Reality is that it's easier to check a battery is charged and control charging parameters by using a microprocessor than pure hardware, and with a micro comes software. You would be hard-pushed to create a hardware-only version of the most capable chargers which do the job best, give optimal charging, prolong battery life and save money long-term. Sure call it 'marketing BS', but there are demonstrable advantages to software solutions, not least cost.
I'd venture you've never had any experience in battery charger design.
Now in terms of PC-side software you may have a point. There is no absolute need to log charging progress, predicted time to complete charging, or assessments of battery quality and lifetime remaining. But if consumers find that useful then so be it, if manufacturers think that's what consumers will find useful, drive them to choose their product, then good luck to them.
Fly-by-wire aircraft have potential disadvantages to them but that doesn't mean stick-and-string is the only thing necessary or best. All technological advancements bring potential risk. No one needs to install PVR software with all the risks of a viral infection being dragged along as well, not when there are still theatres.
Me, I'm just waiting for a device that monitors the height above each step I lift my feet when walking up the stairs so I can reduce the impact on and thus prolong the life of my trainers!
"I'd venture you've never had any experience in battery charger design."
Tell that to the home-built charge controllers that maintain my boats & RVs. To say nothing of my off-the-grid property up in Mendocino County.
But that's OK ... Believe marketing, if you like. At least it pays your salary.
Depending on the charger, you really could save money by having a £2.50 Atmel thing monitoring the charge rate. Also handy if you want a charger that'll do NiCAD, or NiMH, or Pb, or Li-Ion/Li-Po, or whatever the battery technology-de-jour is. Little bit of a rewrite, and your charger supports the new tech without a rebuild.
Marketing, possibly. But also economics.
"I'd venture you've never had any experience in battery charger design."
"Tell that to the home-built charge controllers that maintain my boats & RVs. To say nothing of my off-the-grid property up in Mendocino County".
And all done without any software. Quite impressive. Are these lead acid batteries which can take a fair degree of punishment or Li-Ion and the like which need much more kid glove handling and strict charging regimes ? Either way I'd be interested in seeing your hardware only design.
"And all done without any software. Quite impressive. Are these lead acid batteries which can take a fair degree of punishment or Li-Ion and the like which need much more kid glove handling and strict charging regimes ?"
Uh, gee, "boat, car" and "power off the grid" ... doesn't that automagically make you realize that I'm talking lead acid?
Yes, some of the more modern charging systems take advantage of micro controllers. But that's hardly what this article was about, now was it? It's not what I was talking about, either.
"Either way I'd be interested in seeing your hardware only design."
Do your own first-year EE homework.
The only way to make companies wake up is to make them pay. Let's see...
- Paying for any infected machine to be checked/cleaned by a professional. (Logistically difficult, I admit)
- Providing a replacement machine while the above is done. (As above)
- Unlimited compensation should anyone suffer a loss through the Energizer infection. (As above)
- A penalty for each and every download of the infected file (e.g. US$1,000)
- The relevant board member(s) to be dragged over coals for:
-- Lax procedures, how did this get there in the first place
-- Why is it still available?
As others have said...why the hell does a USB charger even need software?
But we have learnt something about security at Energizer. Obviously AV does not run on their web servers or other internal system (or it's not good enough) as surely they should have picked this up themselves? How the hell did it manage to exit engineering without being scanned? (A software house/department, should run multiple scanners across a build before releasing it).
I bet they come back and say "It was a contractor wot dun it". Still not excuse for them having lax procedures and checks in place.
... can the device be described as fit for purpose?
If not it looks like Energiser might have to energise its lawyers.
This will be forgotted in 2 months time, but the pathetic Sony haters will still be ranting on about "rootkits" (that was infact a non-malicious DRM system) years from now...
"Malicious" or not, Sony installed software on computers without the owner's knowledge or consent that actively hid its own presence from the user and common AV products.
If you're cool with that, fine. Most of us are not.
Sony conspired to install software on user's machines without informing them exactly what was being installed where and for what purpose. Furthermore, said software was of no benefit to the consumer.
Energiser, on the other hand, were just stupid.
Why do you bring this up? Sony is not mentionned in this article. They went from being a reverred brand to a maligned one by their own doing (and not doing). Sony has lost. Others will come and go too. Who cares?
Don't install anything from a manufacturer until you've first tested whether the OS already supports the device and/or the device actually needs it to function.
Most of the stuff that manufacturers ship with their product is useless, badly written bloatware. Thankfully although my preferred OS also comes with a lot of useless bloatware it also comes with drivers for pretty much every device I'm ever going to want to use. I think everything I've plugged into a Windows box in the last few years has been automatically recognised and made available.
Paris:Because I recognise her and she's often available.
I had already come across the stuff Orange wanted on my system, that the guy who came to plug in my kit said I _had_ to have installed.
I gave Windows the WiFi key, loaded up FF and was connected to the thing to give it my ADL login details, then online in under a minute, with no lethargic bloaty software.
It's a shame we can't do the same with printers, most of the drivers I've seen lately have been awful wastes of space. Does it really need 65Mb of stuff (not including bundled goodies) just to get a page out of the device???
TomTom had a problem a while back that new out-of-the-box satnavs sported USB storage auto-run malware. We were told it was all fixed up and solved. Then I sent mine away for repair, and it came back with a virus on it! So I guess the repair labs in Holland still had the infection knocking around.
I mean, a USB battery? It holds about a quarter of the charge of a regular NiMH, it takes several times longer to charge, and it costs an order of magnitude more. All to save you the "hassle" of putting a battery in a charger. Jeez, where do I sign up for this fantastic deal?
I think sir, you are the fool, if you think that Sony actually knew what their contractors were doing with hiding the DRM and that it was done intentionally.
I bet you have never even heard of "First 4 Internet" company and their products, however they were the ones responsible for the "rootkit" and supplied to to other companies beside SonyBMG.
It seems some people, including yourself are stupid enough to believe everything they read on the internet...
http://en.wikipedia.org/wiki/Extended_Copy_Protection
The facts seem to have conveniently gotten lost in the mists of time.
So either they were amazingly irresponsible in not knowing exactly what the software they distributed does or amazingly irresponsible in distributing it knowingly.
Full disclosure - I do not work and never have worked for Sony or Energizer, any of their competitors or subcontractors. How about you?
I agree with AndrueC. I foolishly bought an Energizer UPS a few years ago and found its driver software was pretty much crap. Now that I'm running Win7 I don't have to worry about it anymore since no updated driver has ever been released. The hardware itself is OK and still running, and serves its purpose as long as a human is available when needed.
If you use a laptop then you're probably relying on a battery maker.
By the way, as far as I know, this is not the battery-with-a-USB-plug, fun though that one is. This is a box, model CHUSB I think, that takes 1 or 2 AA or AAA NiMH cells. In some scenarios (AAA, I think) the charge-finished light doesn't operate, and also at least without using the newly-exposed-as-dangerous software, I think you can't tell whether two batteries are both correctly seated and actually receiving current.
I remember the days when you just bought a charger, plug it into the mains and stuck your batteries into it. When it finished charging said batteries, it turned off.. Simple.
Even the most complex chargers we have at work (dual chargers for Sony camcorder batteries) only need a couple of LEDs (to let you know which battery is charging), an LCD display (tells you how much charge is in the battery and how much longer it will take to charge fully), a button and a switch. No software needed.
Why the fuck would you need software for a battery charger? It's not as if you can do anything to the batteries while they are charging.
That worked up until you said things like "camcorder batteries" and "LCD display". Unless you have a charger the size of your house, you won't drive an LCD display and get it to show anything much meaningful without a few logic chips in there at least. Also the newer camcorders tend to go for lithium-based batteries, which are a bit fickle with regards how they get charged, in the same way that everyone's favourite systems administrator is a bit of a bastard.
As soon as you start needing fine-grained control, and features such as an LCD display telling you how full the battery is, you start getting into microcontrollers. They're cheap (cheaper than a boatload of logic chips), they work, and.. well, they contain software. Or firmware if you like.
Granted, if all you want to do is bake a 12v lead/acid battery, then you can get by on little more than a transformer and a rectifier of some sorts. Four diodes in a bridge, that sort of thing. Just be careful to watch what you're doing, as even lead/acid has a tendency to start boiling, hissing and spewing vapours if you try to ram a load of current into it.
(yes, I've done my EE coursework)
The link that Frumious Bandersnatch gave is to an illegally scanned/copied book.
Just think, if all books were easily scanned and copied to the Internet, who would go to the trouble of writing another book? Authors would have to be mad to take all that trouble, time and effort just to have it coped and distributed for free. They need a profit incentive - take that away and you would end up with no new books. Unlike musicians they cannot earn much from live gigs - who is going to sit and listen to a whole book being read to them? Also unlike music, books are ASCII and the files are very small and probably impossible to protect.
I feel strongly about this and as an avid and appreciative reader I am very worried about the future of books - I honestly feel that the common paper book will disappear as a medium for new publications, authors will have to release their new works under heavy DRM software. Bad.
PS If you run Windows and you get a virus or other malware, why do you keep running Windows? Do you really think you can defeat the cyber-criminals, all of them, all of the time?
I like the idea of a USB device to charge my batts, means I wont forget to unplug them, am concerned at the power being drawn off the MB though.
oh yeah and test the software lol
Always amazes me when seemingly genuine includes nasties.
Fire icon as at least these ones don't burn out you Laptop!
Sign up, sign up for The Register's weekly IT security newsletter - click here
