Energizer needs to stick to batteries, software opens your PC to hackers

Energizer is known for their batteries and not for their software.  So, if you have installed the software for the Energizer Duo battery charger to monitor the charging level of your batteries, remove the software immediately.

According to Consumerist.com, “if you're using the Energizer Duo battery charger, and have connected it to your PC to check the charge levels of the batteries, you may have inadvertently exposed yourself to a program that could give hackers access to your computer”.  The software has a vulnerability that would allow hackers to execute code on your machine.

Symantec, the company that discovered the exploit, speculates that the flaw may have been an inside job at Energizer.  They state “the fact that the temp file created by one of the commands has the prefix “liu” is interesting, since the name “Liu hong” appears elsewhere in the code. Not only that, but other programs that are part of the installation package for the USB Charger software also take in the parameter “-liuhong”. Could it be that he was the creator of the installation package? We were interested in finding out how long this file had been available to the public. The compile time for the file is May 10, 2007. It is impossible to say for sure that this Trojan has always been in this software, but from our initial inspection it appears so.”

Energizer will not be issuing an update to the software to fix the flaw.  The product is no longer produced. The device will still charge your batteries without the software, but you will have no way of monitoring the progress.
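The two observations in Symantec's quote, the compile time and the embedded "liuhong" strings, are checks a defender can run on any Windows binary. The following is an added example, not code from Symantec or the original article: it reads the PE header timestamp and searches for marker strings. The sample bytes are constructed, and the midnight UTC time of day is an assumption.

```python
import struct
from datetime import datetime, timezone


def pe_compile_time(data: bytes) -> datetime:
    """Return the COFF TimeDateStamp of a PE image as a UTC datetime."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # After the signature: Machine (2), NumberOfSections (2), TimeDateStamp (4)
    (stamp,) = struct.unpack_from("<I", data, pe_off + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def find_markers(data: bytes, markers) -> dict:
    """Map each marker to the offsets where it occurs (ASCII or UTF-16LE,
    case-insensitive). Markers with no hits are omitted."""
    lowered = data.lower()
    hits = {}
    for marker in markers:
        offsets = []
        for enc in ("ascii", "utf-16-le"):
            needle = marker.lower().encode(enc)
            pos = lowered.find(needle)
            while pos != -1:
                offsets.append(pos)
                pos = lowered.find(needle, pos + 1)
        if offsets:
            hits[marker] = sorted(offsets)
    return hits


def build_sample() -> bytes:
    """Constructed stand-in for a PE file: DOS stub, COFF header, two strings.
    The date is the one quoted in the article; the time of day is assumed."""
    stamp = int(datetime(2007, 5, 10, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 0xE0, 0x0102)
    strings = b"-liuhong" + b"\0" * 4 + "Liu hong".encode("utf-16-le")
    return dos + coff + b"\0" * 16 + strings


if __name__ == "__main__":
    sample = build_sample()
    print(pe_compile_time(sample).date(), find_markers(sample, ["-liuhong", "Liu hong"]))
```

The header timestamp is written by the build toolchain and can be set to any value, so it is supporting evidence for a timeline, not proof.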

40 Comments


Symantec, the company known for selling the most bloated and highly priced POS AV, later said, "Please ignore our findings and uninstall any of our software, which may require a reformat, and install anything else."

grewnd33 said,
Symantec, the company known for selling the most bloated and highly priced POS AV, later said, "Please ignore our findings and uninstall any of our software, which may require a reformat, and install anything else."

LOL! But really who needs a program to tell them when the battery is charged? AFAIK most of the time a battery charges in 6-8 hours!

someone creates a trojan and uses their real name in the code?? lol... sounds to me like some one was trying to frame the guy... although you could do that on purpose to make it look that way ¬_¬

rippleman said,
technically, ALL software is open to hacks... and i do mean ALL... so.... guess everyone should just throw the whole computer idea out...

In fact, many drugs can make your brain open to suggestion. You never know when someone might force you to perform an unsafe action. You'd better lock yourself in a tiny room, with a lifetime supply of nutrient-rich food paste, and no contact with the outside world to prevent brain hackers from getting to you.

Better yet, why not throw your brain in the trash! Then you'll finally be safe!

rippleman said,
technically, ALL software is open to hacks... and i do mean ALL... so.... guess everyone should just throw the whole computer idea out...

Really? So a simple program that displays a dialog and closes is open to hacks? I think you need to revise your statement :P

rippleman said,
technically, ALL software is open to hacks... and i do mean ALL... so.... guess everyone should just throw the whole computer idea out...

No. Just... No.

Raa said,

Really? So a simple program that displays a dialog and closes is open to hacks? I think you need to revise your statement :P

Well unless that developer of that simple program also wrote the compiler/linker and all the used libraries, etc. etc. used by that program, then yes even a simple hello world application could have a vulnerability. ;)

So basically you're saying you can trust 100% the developers of the application(s) you used to build the application. If only you were right, sorry but life is not so simple.

Edited by war, Mar 10 2010, 1:37am :

I have an idea why don't they just put the charge status on the device :facepalm: Energizer you need to get people working at your company, not bunnies!

AJC. said,
I have an idea why don't they just put the charge status on the device :facepalm: Energizer you need to get people working at your company, not bunnies!

I think they need to HOP on that idea!

Nobody else thinks this "hacker" is pretty dumb for making the secret command line switches and temp files with his name? I know I'm only assuming it's his name but wouldn't you use something more elaborate like -3n3rG1z3r or -IGOTU or something like that?

Total Lithium Ion Fanboy here. For the 1 mouse I have, and 2 remotes that take AA and AAA batteries I just buy regular. Don't miss the days of AA rechargeable that last 1/10 of the time.

Energizer should patch the software or do a recall IMHO.

SK[ said,]OMG a software vulnerability, what next?!
It's a trojan hidden in commercial software. That's not something that happens too often.

|SK| said,
OMG a software vulnerability, what next?!

Your name breaks the quote BBCode. I love it! Best non-malicious code injection I've seen all day.

eAi said,
It's a trojan hidden in commercial software. That's not something that happens too often.

Forgotten about Sony that quickly huh? It happens more than you think.

Raa said,

Forgotten about Sony that quickly huh? It happens more than you think.

In Sony's case I don't think there was malicious intent. In the above case there could very well be.

I own this product. The software is totally optional. If you plug the batteries in overnight they'll be charged by morning. No need to monitor.

agreenbhm said,
I own this product. The software is totally optional. If you plug the batteries in overnight they'll be charged by morning. No need to monitor.

That IS what the article said.

java2beans said,
Did you guys know that the Energizer bunny was arrested for battery?

+1

Edited by xbamaris, Mar 9 2010, 6:06pm :

java2beans said,
Did you guys know that the Energizer bunny was arrested for battery?

Wonder if he'll get charged with assault.

Dead'Soul said,
why does a battery charger need software?

It's just amazing to me how many of these types of posts come up, why doesn't anyone read the articles, it's a Forum-all you do is read! do people just read the titles and then just start replying asap?

Dead'Soul said,
i know this charger and its software for years, but i mean it is not necessary to show charge status on computer

Why not? It's not necessary to charge batteries from your computer either. Just use a wall socket charger instead.

At least this would give you an indication how long the batteries will take to charge.

Wouldn't it be in Energizer's best interest to at least patch their software? How hard could it be? I wouldn't want something like that coming back to bite me.