Call Search
     

New to Ham Radio?
My Profile

Community
Articles
Forums
News
Reviews
Friends Remembered
Strays
Survey Question

Operating
Contesting
DX Cluster Spots
Propagation

Resources
Calendar
Classifieds
Ham Exams
Ham Links
List Archives
News Articles
Product Reviews
QSL Managers

Site Info
eHam Help (FAQ)
Support the site
The eHam Team
Advertising Info
Vision Statement
About eHam.net

   Home   Help Search  
Pages: [1]   Go Down
  Print  
Author Topic: Possible Chinese H/T driver CD malware?  (Read 3443 times)
KB4RIZ
Member

Posts: 6




Ignore
« on: March 10, 2013, 06:34:57 PM »

This came as part of an e-mail from our local ham club.  Any ideas about this? 

---------------------------------------------------------------------------------------

This was received from AAA4RD regarding drivers accompanying those
inexpensive Chinese import VHF/UHF handy-talkies:

A Dangerous Bargain

Gary Geissler, a Colorado-based IT specialist and high-tech advisor to
Army MARS, sends this caution about a dangerous bargain in the ham radio
marketplace.

The best buy these days in handheld transceivers are the ones from Hong
Kong. The HTs are being purchased by amateurs, public service providers,
and others in government organizations. Some versions have FCC and
other type acceptance.

The transceivers sell for a fraction of the price of comparable units
from the big three yet can work all the amateur and public service
frequencies from the civil aircraft band to the top of the public
service UHF band. They have many memories and features and can be
programmed from a PC. Powered by big lithium ion batteries (included)
they are a steal for $55.00.

Or so it would seem.

I work for Digital Globe Incorporated. As our corporation is an
important government contractor we are working with the USG to resolve
issued as they appear with regard to computer and Internet security.
The software tools we use are among the strongest available anywhere
(and as a result, the most intrusive and painful!)

So when I put the tiny driver CD that came with my [Chinese] handheld
transceiver's programming cable into a machine to scan it I had no idea
that the disk would pull an immediate alert. The alert was so strong
that I could not go any further and determine contents, files, names of
virus, and so forth.

The CD was given to our computer security department. They will process
it and forward the results to their USG contact. This is only the second
time I have seen an alert this strong. The other time (last week
actually) was while downloading a .pdf research paper from a university
researcher's site.

Lest anyone think otherwise, we are under attack. One might suspect
that the "real" object of the exercise with regard to the very low cost
of the Hong Kong HTs is the unseen present on the CDs. I'm not a
conspiracy theory sort of guy; we can talk more about this at some
point.



I might suggest a neutrally worded warning to destroy any driver CDs
that come with Hong Kong HTs; the Prolific USB/RS-232 drivers are
available at no charge from US sites and the public domain open source
CHIRP software is more than adequate for programming the radios in any
event.


Gary AAR8GI
Logged
N0FPE
Member

Posts: 370




Ignore
« Reply #1 on: March 16, 2013, 07:56:19 PM »

I tossed the CD that came with my Baofeng in the trash without even trying it. Chirp works just fine.
YMMV
Logged
K1CJS
Member

Posts: 6055




Ignore
« Reply #2 on: March 17, 2013, 05:20:54 AM »

I wouldn't doubt it in the least.  I keep saying you get what you pay for, and with prices that cheap, what you're getting is a bargain--for those who supply the programming disc, that is.
Logged
KG4LMZ
Member

Posts: 102




Ignore
« Reply #3 on: March 19, 2013, 05:58:14 AM »

If anyone has a copy of that CD that they're planning to throw out, I'll pay the postage to get it for research purposes.
Logged
KG4LMZ
Member

Posts: 102




Ignore
« Reply #4 on: March 22, 2013, 06:22:35 AM »

Bump.  I work on products that attempt to detect and interdict malware.  I would really like to subject a copy of this CD to our research team's analysis, if I can get my hands on an original CD as shipped.
Logged
Pages: [1]   Go Up
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC Valid XHTML 1.0! Valid CSS!