The Department of Homeland Security has discovered that Energizer’s Duo USB charger left Windows computers open to remote control, thanks to a back door in the product’s battery monitoring software. The DUO is a USB and AC charger for NiMH batteries. The software that comes with the product allows one to see how much oomph is left in their batteries. Apparently, though, the Windows software for this device had a lovely little bug in it.
The software installs a backdoor that allows remote access to your computer. That includes “the ability to list directories, send and receive files, and execute programs,” according to the United States Computer Emergency Readiness Team. If you downloaded the Mac counterpart, you have nothing to worry about. If you have downloaded this software for Windows, you’re going to need to execute a couple of steps in order to secure your computer.
- Uninstall the software! his will remove the Windows registry value that executes the Trojan when starting Windows.
- Reboot your computer after the uninstall has finished.
- Navigate your way to C/Windows/system32/arucer.dll. This is the file that is the backdoor component itself. Delete this file, empty your Recycle Bin, and reboot once more.
- To add one additional layer of protection, you can have your firewall block access to 7777/tcp. Energizer doesn’t list this step as necessary. It’s just an extra step for safe computing.
The DUO itself is a good product. The hardware is still available through Amazon. However, the software download has been discontinued. The product’s main function of charging by USB or AC still works. However, if you own one of these devices and would like to complain, I suggest you get in touch with them through the Energizer Contact Page.