China-Made Handheld Barcode Scanners Ship with Spyware

Credit: wk1003mike/Shutterstock.


Who scans the scanners?

Some Chinese-manufactured shipping-barcode handheld scanners — of the type used by many United States retailers and warehouses, as well as delivery services such as UPS and FedEx — were found to have sophisticated spyware preloaded on them, according to San Mateo, California-based security company TrapX. Dubbed "Zombie Zero," the information-stealing malware is likely part of a state-sponsored industrial-espionage campaign.

The malicious software is located in the scanners' Windows XP Embedded operating systems, according to TrapX's report. When the handheld scanners connect to a company's Wi-Fi network, the Zombie Zero malware activates, hacking into company servers and stealing information, from shipping manifests to corporate secrets. All the information goes to servers in China.


TrapX was able to trace Zombie Zero back to a Chinese factory that sells proprietary shipping and logistics scanning hardware and software to companies around the world. Eight unnamed companies recently received scanners with advanced malware pre-installed on them.

In stage one of a Zombie Zero attack, the malware uses a number of advanced tricks to escape from the handheld scanners to infect a targeted company's servers. The malware then seeks out company servers that have the word "finance" in the host name, in order to locate corporate financial data, customer data, shipping and manifest information, and more. 

In stage two, Zombie Zero then connects to command-and-control servers in China in order to download even more malware onto compromised company servers; the new malware then establishes a local command-and-control server within the infected company's own network.
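A defender's view of the two stages described above, as an added example that is not from the article or TrapX's report: a check over network flow records that flags scanner-segment devices reaching hosts with "finance" in the name, leaving the internal network, or contacting anything outside an allowlist. The subnet, allowlist, record format and sample flows are all assumptions constructed for illustration.

```python
import ipaddress

# Assumptions (not from the article): scanners sit on their own subnet and
# legitimately talk to a single inventory server.
SCANNER_NET = ipaddress.ip_network("10.20.30.0/24")
ALLOWED_DSTS = {ipaddress.ip_address("10.20.1.10")}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample flow records: (source IP, destination IP, destination hostname)
FLOWS = [
    ("10.20.30.11", "10.20.1.10", "wms-inventory01"),  # expected scanner traffic
    ("10.20.30.12", "10.20.5.40", "erp-finance02"),    # scanner -> "finance" host
    ("10.20.30.12", "203.0.113.77", ""),               # scanner -> external address
    ("10.20.40.9", "10.20.5.40", "erp-finance02"),     # not a scanner, ignored
    ("10.20.30.13", "10.20.7.7", "print-srv"),         # scanner -> unlisted internal host
]

def classify(src, dst, dst_host):
    """Return an alert reason for one flow, or None if the flow is expected."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    if s not in SCANNER_NET or d in ALLOWED_DSTS:
        return None
    if not any(d in net for net in INTERNAL_NETS):
        return "external-egress"          # possible command-and-control traffic
    if "finance" in dst_host.lower():
        return "finance-host-access"      # matches the host-name targeting described
    return "unexpected-internal"          # any other lateral connection attempt

def scan_flows(flows):
    """Return (src, dst, reason) for every flow that violates the scanner policy."""
    alerts = []
    for src, dst, host in flows:
        reason = classify(src, dst, host)
        if reason:
            alerts.append((src, dst, reason))
    return alerts

def suspect_scanners(flows):
    """Return the sorted set of scanner addresses that raised any alert."""
    return sorted({src for src, _, _ in scan_flows(flows)})

if __name__ == "__main__":
    for alert in scan_flows(FLOWS):
        print(alert)
```
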

TrapX determined that one of the remote command-and-control servers was located in the Lanxiang Vocational School in Jinan, Shandong, China, south of Beijing, and the other was located at a facility in Beijing itself.

TrapX notes that the scanner factory is located near the Lanxiang Vocational School, previously linked to the Operation Aurora cyberespionage campaign that stole information from dozens of major American corporations in 2009. (Only a few companies, including Google and Adobe Systems, have admitted being targeted by Operation Aurora.)

In its report, TrapX focused on one unnamed manufacturing company that used 48 scanners, 16 of which were infected, made by the Chinese factory in question. An internal firewall initially stopped the scanner-based malware from spreading throughout the company network, but the malware adapted its attack method and was successful on a second try.

The targeted company had installed security certificates for network authentication on the handheld scanners. But because the malware was already installed on the devices, the certificates were "completely compromised," TrapX said.

By the end of Zombie Zero's attack on the company, "exfiltration of all financial data ... was achieved, providing the attacker complete situational awareness and visibility into the logistic/shipping company's worldwide operations."

TrapX said the malware wasn't only on the handheld scanners. It also found malware in scanner software available for download from the Chinese manufacturer's website, possibly putting more companies than the originally targeted eight at risk of a "zombie" infection.

This isn't the first time that a Chinese product has been found with malware pre-loaded on it. Last month, the Android smartphone Star N9500, a Samsung Galaxy S4 knockoff, was found to have spyware baked right into its operating system.


Jill Scharr is a creative writer and narrative designer in the videogame industry. She's currently Project Lead Writer at the games studio Harebrained Schemes, and has also worked at Bungie. Prior to that she worked as a Staff Writer for Tom's Guide, covering video games, online security, 3D printing and tech innovation among many subjects. 

  • gsxrme
    Hacking the US is an act of war. If the US government finds out where the server is located we should drop a nice little bomb on the building that holds the fooking server.

    *Message sent*

    Hopefully our next leader has a pair and stands up against China and Russia a little better.
  • hfitch
    This is why the US government doesn't want to allow Chinese telecommunications vendors and data providers in America. They blocked most of their attempts to set up 4G sites in America. They also banned companies from buying their servers. The problem is a lot of chips and data equipment is in a lot of what we use every day. Open your toaster up, I guarantee you will see something with made in China in it. Also a small chip running your toaster as well. I wouldn't be shocked if one day you find out they've been putting listening devices in household smart appliances.
  • nukemaster
    The US can not bomb China because half the work is made in china. Hack them back.

    I do not think people realize that the only reason electronics are as cheap as they are is because they can be made for less in these countries.

    Do you want to know what a 100% American manufactured notebook would cost?

    Do not get me wrong, this sucks and all, but bombing them will not help anything.
  • godnodog
    Hacking the US is an act of war. If the US government finds out where the server is located we should drop a nice little bomb on the building that holds the fooking server.

    *Message sent*

    Hopefully our next leader has a pair and stands up against China and Russia a little better.

    So should Germany and others send a message to the US?
    Everyone does it, it's up to you to protect your data, unfortunately this is very hard if not impossible.
  • robochump
    More proof that China doesn't give a crap about you....but we have no way of not buying from China!!! lol Companies seriously need to stop manufacturing in China especially since Big Red is stealing IP left and right. There is more than enough cheap labor in the World, Go Mexico!
  • Bondfc11
    Not sure there is much for us to hack in China. The majority of our products are made there, not much military advancement, tech? not so much. We just need to get used to the fact if you want cheap and easy products sometimes they come with chlamydia.
  • oj88
    NSA and CIA already hacked into Chinese government since they bought our computers decades ago.
  • oj88
    These sorts of spy games are happening every day around the world, even among our allies. Don't make a big deal out of it.
  • cats_Paw
    So basically everyone is spying on everyone.
    So, everyone wants to keep their secrets and steal others, but it's not working... why not just stop spying and stop keeping secrets?
    At least this means they will have less time to focus on common internet users.
  • belardo
    Not impressed... but this is the new version of World War...