Weird news of the day: Energizer USB battery charger contains backdoor

"The United States Computer Emergency Response Team (US-CERT) has warned that the software included in the Energizer DUO USB battery charger contains a backdoor that allows unauthorized remote system access.


In an advisory, the US-CERT warned that he installer for the Energizer DUO software places the file UsbCharger.dll in the application’s directory and Arucer.dll in the Windows system32 directory.

When the Energizer UsbCharger software executes, it utilizes the UsbCharger.dll component for providing USB communication capabilities. UsbCharger.dll executes Arucer.dll via the Windows rundll32.exe mechanism, and it also configures Arucer.dll to execute automatically when Windows starts by creating an entry in the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key."

http://blogs.zdnet.com/security/?p=5602&tag=wrapper

A way to "hack into" your system. I am dying to hear what this was supposed to be for.

The only possible thing I can think of is the computer's highly-filtered power supply, possibly reducing the need for circuitry that does the same thing for a stand-alone charger that plugs into the wall socket.

Is it necessary for the current going into the batteries to be modulated in any kind of repeating waves or spikes? Is it necessary for the computer to monitor the charge state of these batteries and modulate what is going in?

Why build a battery charger that plugs into a computer?

I suppose the software was meant to tell you the charge state of your batteries, maybe even pop up an ad when it's time to buy new batteries.

Or maybe anything you plug into your computer or your computer itself is suspect, especially in paranoid states like China and the USA.

your batteries anywhere in the world. Most laptop users that travel already have conversion kits for power in US, europe etc. This gadget would allow them to simple plug in the charger to the usb port on the notebook whereever they are.

Pretty neat gadget if it didn't have the backdoor to it.

I'd buy one of these in a heartbeat. Anything that keeps you in power using what you have on you can be a lifesaver (perhaps not literally)

The iPhone is always charged through the USB connection, whether connected to a computer or using the small "charger" that has a USB socket. It seems a good design, with me having to keep up with a single cable with an attached plug.

During a power outage, I can recharge my phone using the reserve in my laptop. Handy when traveling or otherwise inconvenient to recharge from the grid.


We see attacks like this all the time, backdoor trojans and other malware hidden optional software included with hardware devices like uninterruptable power supplies, multimedia card readers, or digital picture frames; available for download as freeware utility or monitoring software; or hidden in the control software internal to the hardware device and activated when the device is plugged into your computer, much like the old problem with infected floppy disk and diskettes long ago.

Trojans can be hidden in hardware components that few would ever suspect: graphics cards, disk drives, anything USB, network adaptors, LAN routers and hubs, and even a tiny chip in the plug assembly for som types of cables.