Energizer is known for their batteries and not for their software. So, if you have installed the software for the Energizer Duo battery charger to monitor the charging level of your batteries, remove the software immediately.
According to Consumerist.com, “if you're using the Energizer Duo battery charger, and have connected it to your PC to check the charge levels of the batteries, you may have inadvertently exposed yourself to a program that could give hackers access to your computer” . The software has a vulnerability that would allow for hackers to execute code on your machine.
Symantec, the company who discovered the exploit, speculates that the flaw may have been an inside job at Energizer. They state “the fact that the temp file created by one of the commands has the prefix “liu” is interesting, since the name “Liu hong” appears elsewhere in the code. Not only that, but other programs that are part of the installation package for the USB Charger software also take in the parameter “-liuhong”. Could it be that he was the creator of the installation package? We were interested in finding out how long this file had been available to the public. The compile time for the file is May 10, 2007. It is impossible to say for sure that this Trojan has always been in this software, but from our initial inspection it appears so."
Energizer will not be issuing an update to the software to fix the flaw. The product is no longer produced but the device will still charge your batteries without the software, but, you will have no way of monitoring the progress.
40 Comments - Add comment