The United States Computer Emergency Response Team (US-CERT) has warned that the software included in the Energizer DUO USB battery charger contains a backdoor that allows unauthorized remote system access.

In an advisory, the US-CERT warned that he installer for the Energizer DUO software places the file UsbCharger.dll in the application’s directory and Arucer.dll in the Windows system32 directory.

When the Energizer UsbCharger software executes, it utilizes the UsbCharger.dll component for providing USB communication capabilities. UsbCharger.dll executes Arucer.dll via the Windows rundll32.exe mechanism, and it also configures Arucer.dll to execute automatically when Windows starts by creating an entry in the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key.

US-CERT said that Arucer.dll is a backdoor that allows unauthorized remote system access via accepting connections on 7777/tcp.

You can read the bulletin from US-CERT here or a detailed report from symantec here.

Next time we will probably find a backdoor in the batteries themselves by alternating power to wherever you plug those batteries and make the device spit up bits of secret keys. 😆

Tagged with: