Police Body Cameras Come With Pre-Installed Malware
An anonymous reader writes: The old Conficker worm was found on new police body cameras that were taken out of the box by security researchers from iPower Technologies. The worm is detected by almost all security vendors, but it seems that it is still being used because modern day IoT devices can't yet run security products. This allows the worm to spread and propagate to computers when connected to an unprotected workstation. One police computer is enough to allow attackers to steal government data. The source of the infection is yet unknown. It is highly unlikely that the manufacturer would do this. Middlemen involved in the shipping are probably the cause.
Now that's socially responsible.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
" but it seems that it is still being used because modern day IoT devices are built pretty crappy by amateurs that don't want to make good products."
You don't need a virus scanner on a read only OS, but you do need to have the people in charge and on the line of design and manufacture to not be complete morons.
Do not look at laser with remaining good eye.
I'm going to go out on a limb and assume that they are manufactured and shipped from China.
While I'll grant the manufacturer isn't likely to DELIBERATELY infect things, my first assumption is that the manufacturer simply has terrible security and the worm made it into the master image for all their devices.
Never assume malice where stupidity is a viable explanation.
A thousand pounds of wood moving at 300 feet per minute. Don't get in the way.
Even if they upload to desktops at the officer's local squad, these computers would likely be protected.
Who wants oversight here?
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
Store firmware on removable card that needs to be flashed for first use with a verified download
Why would the Middleman do that? The HEYDAR can already tap into the police networks and cameras directly.
When I read the title, I thought they meant the wearer of the camera.
No, it's not.
What is this??? 2004?
Police are so fucking stupid. I'm sure they use these devices without any question whatsoever.
Pray to deity/FSM you never get entangled with these brainiacs, because everyone will side with the police, not you, without question.
So what is the IoT angle here? As far as I can tell the malware was placed on the drive of the bodycam as a file (it's the only infection vector that makes sense in this case), and that can happen to any USB drive. While I'm sure it's possible to design a worm that can infect IoT devices, this doesn't seem to be an example of one.
I used to work for TomTom, who have also delivered new devices preloaded with malware, and it's quite common to find infected computers in the factories. TT devices had a USB mass storage mode and that's what was being infected. Wouldn't surprise me at all if that's what was happening in this case too...
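An added example, not part of the thread: a Python sketch of the check the comments above point toward, run from an isolated machine against a camera's mass-storage volume before it is docked. It lists `autorun.inf` launch entries and executable files that have no reason to be on a video device; the function names, extension list and sample volume are constructed for illustration.

```python
import os
import re
import tempfile

# autorun.inf keys that make Windows launch a program from the volume.
LAUNCH_KEY = re.compile(
    rb"^[ \t]*(open|shellexecute|shell\\[^=\r\n]*\\command)[ \t]*=[ \t]*(.+?)[ \t\r]*$",
    re.IGNORECASE | re.MULTILINE,
)
# Assumed list of file types a camera's storage should never contain.
EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".pif", ".lnk"}


def audit_volume(root):
    """Return (autorun_entries, executables) found under a mounted volume.

    autorun_entries: (relative path, key, command) for each launch line.
    executables: relative paths of files with an executable extension.
    """
    autorun_entries, executables = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name.lower() == "autorun.inf":
                # Read as bytes: planted files are often padded with junk
                # that would break a strict text or INI parser.
                with open(path, "rb") as fh:
                    data = fh.read()
                for m in LAUNCH_KEY.finditer(data):
                    key = m.group(1).decode("latin-1").lower()
                    autorun_entries.append((rel, key, m.group(2).decode("latin-1")))
            elif os.path.splitext(name)[1].lower() in EXECUTABLE_EXT:
                executables.append(rel)
    return sorted(autorun_entries), sorted(executables)


def build_sample_volume(root):
    """Constructed sample: a camera-like volume with a planted autorun.inf."""
    os.makedirs(os.path.join(root, "DCIM", "100MEDIA"))
    os.makedirs(os.path.join(root, "SYSTEM"))
    with open(os.path.join(root, "DCIM", "100MEDIA", "VID0001.MP4"), "wb") as fh:
        fh.write(b"\x00" * 16)  # stand-in for recorded video
    with open(os.path.join(root, "SYSTEM", "sample.exe"), "wb") as fh:
        fh.write(b"MZ")  # harmless two-byte placeholder, not a real binary
    with open(os.path.join(root, "AUTORUN.INF"), "wb") as fh:
        fh.write(
            b"[autorun]\r\n"
            b";padding line\r\n"
            b"Open=sample.exe\r\n"
            b"shell\\open\\command = sample.exe /s\r\n"
        )


def demo():
    """Build the constructed volume in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_volume(root)
        return audit_volume(root)


if __name__ == "__main__":
    entries, exes = demo()
    for rel, key, command in entries:
        print(f"autorun entry in {rel}: {key} -> {command}")
    for rel in exes:
        print(f"unexpected executable: {rel}")
```

Any hit on a freshly unboxed device is a reason to quarantine it and compare against a known-good image, which is also the point at which signed or verified firmware would catch a tampered master image.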
Oh APK, you're so brave, please do tell me how hosts files can get us out of this sticky situation!
http://hardware.slashdot.org/c...
Are the cameras actually "infected" with it or do they just have copies of the install payload in their storage? I wouldn't have expected something like a small embedded camera device to actually be running Microsoft Windows. (Yes, I know there's a "Windows Embedded" and they could, I just wouldn't expect it.)
Hacker Public Radio is our Friend
Conficker is an NSA creation.
What's the purpose of the mandatory body cameras? To save lives? Ha....hardly. The purpose of the body camera is to feed data back to the NSA to train their image recognition algorithms . Thus enabling them to use the ever growing number of cameras across the USA and abroad to identify people wherever they may go.
It's also being used to spy on the police too, by recording their patterns of movement.
Yes, this is a fact, so please don't make yourself look like a retard by rolling your eyes and shouting "tinfoil hat" or whatever.
Right now the body cameras are not "officially" connected to the NSA computers. Hence the use of the Conficker worm to gather the data anyway. That will later change.
FUCK DICE.
--- shiftless (410350)
unless you can scan and clean the OS image assume it has been prehacked
"The worm is detected by almost all security vendors, but it seems that it is still being used because modern day IoT devices can't yet run security products."
I thought Conficker worked on *Windows* OS. That can run antivirus.
"but it seems that it is still being used because modern day IoT devices can't yet run security products."
I'll allow you to say this when a worm is targeting Receivers or Fridges. Or even Raspberry PI. Not when the targeted item is running Windows.
Many years ago, I worked at a now-decommissioned nuclear power generating station in S. California. I did software development in the Health Physics dept.
One day I noticed that every few minutes, the PC of the developer behind me (we had "bull pen" cubes with 4 per bull-pen) would annoyingly beep.
I asked him what that was, and he said "I don't know, it just does that. I ignore it."
Turns out it was a virus. It was brought in by the local PC vendor, who one day went around from PC to PC, updating the Video BIOS of PCs equipped with a particular Matrox display card.
My PC didn't have that card. The other fellow's PC did...
It was eventually discovered, when somebody else didn't just ignore it...
This was outside of containment, and so it spread further than it would inside of containment. Due to the "what goes in, doesn't come out" policy, had the vendor updated PCs inside of containment, he would have had to have left the infected floppy disk inside. The infection would have been limited to containment.
We can all sleep better.... egad, what am I saying?!
See subject: More than a decade & a 1/2++ ago I bought a modem from that now defunct company. On the CD that came w/ it was a malware - right in telecommunications equipment no less!
APK
P.S.=> Was it a "false positive"? Possibly (I've run into that 1st hand w/ wares I've written myself THAT ARE NOT F'ING MALWARE & had them detect as that from 8-10 antivirus companies in my time, but I got EVERY SINGLE ONE to rescind it as a false positive though (... & they were declared 'malware' & for STUPID reasons sometimes like using WinRar SFX's as installers (keeps them simple & easily 2++mb smaller than say, InstallShield or ones like it)) OR using compressed executables (which makes it harder to disassemble them to steal their code)) - but, the point's there & in those "halcyon days of yore" for me, I wasn't savvy enough to step-trace the autorun.inf file OR pick it apart using a VM or debug symbol loaded version of an NT-based OS to check it... apk
See subject: I posted it & had a solution 3++ or more years before this-> http://it.slashdot.org/comment...
* :)
(I was "curing Conficker" way, Way, WAY before anyone else by doing the measures noted here back in 2009 & publicly since oh, 1997, on NT-based OS by simply tuning the OS for performance (by not running services you do not need))
APK
P.S.=> "And, there ya go..." - if these cams aren't networked, it'll work (by cutting out what that malware depends on & you can function JUST FINE minus them if you're not networked)... apk
50++% & counting - Google's propulsion's out (ads) + so are most tracking/spying machinations -> FROM https://www.youtube.com/watch?...
* :)
I think that about "sums it up" by analogy perfectly as to my hosts files program which functions like Capt. America's shield giving you more speed, security, reliability, & anonymity than ANY single other "so-called 'souled-out solution'" there is, bar-none!
(... Simply by using what you already have natively instead of STUPIDLY & ILLOGICALLY bolting on an already defeated by clarityray browser addon crippled by default OR built on its faulty easily detected & blocked code...))
* See subject above - None of your troll bullshit can make me 'stand down' & you know it... you fail (on ALL fronts).
(I'm not 'advertising' anything - it's free, it works doing MORE than any other single "so-called solution" can + FOR LESS no less - & you're terrified of it...)
APK
P.S.=> Quoting "Captain America the Winter Soldier" in the analogy above, & now Howard Stark from the 1st Capt. America film in keeping with it regarding hosts files superiority on ability + resource consumption fronts:
"It's stronger than steel & a 3rd the weight" - Howard Stark
... apk
See subject: Quoting Ozymandias from "The Watchmen"? Well, "Even Dr. Manhattan can't be everywhere @ once..."
* :)
THIS STOPS CONFICKER http://hardware.slashdot.org/c... (albeit for non-networked devices @ least YEARS AGO if not decades by now tuning NT-based OS)!
(The problem here due to "re-emergence" apparently on these devices) ... & that LITERALLY DID STOP IT to the tune of a "+1 Informative" UPMOD here on /. circa 2009, courtesy of "yours truly" no less...
(This crap's going way, Way, WAY outta control - it's too bad more people aren't doing something about it, especially those of us in the field itself... I understand being busy & "tied up by life" in its other facets, but imo @ least? It's your duty as a human being to aid in "little revolutions"...)
Especially when you have the skills & means to do so...
APK
P.S.=> TO WHOEVER DOWNMODDED LAST TIME I POSTED THIS:
Both here http://hardware.slashdot.org/c... & here http://hardware.slashdot.org/c... when I wasn't aware of the mechanics @ work here & that these devices are Windows based?
Again quoting that film & Dr. Manhattan:
"It didn't kill Osterman - did you think it would kill me?"
(I just repost & you'll blow ALL YOUR MODPOINTS OUT... guess who always wins there? Yours truly!)
... apk
See subject & this link-> http://hardware.slashdot.org/c...
* :)
(I've been "tuning into" that film again with a friend here this weekend, & what you wrote prompted that posting from me... lol!)
APK
P.S.=> Seems apt for the subject @ hand in relation to your alluding to "who watches the watchers"/Quis custodiet ipsos custodes? & that film's beginnings + that quote + what's going on here!
See - I'd like to HELP law enforcement any way I could, since without them? We'd have chaos imo @ least!
I do so with this for PC users who use Windows!
(Directly, & indirectly by the program's outputs for other devices + OS that use a BSD derived IP stack -> APK Hosts File Engine 9.0++ SR-2 32/64-bit http://start64.com/index.php?o... which yields more speed, security, reliability, even anonymity than ANY other single "so-called 'solution'" (especially the 'souled-out' & crippled by default slower usermode vs. kernelmode less efficient ones in browser addons OR DNS (riddled by security issues galore))
... apk
See subject: Quoting the "Watchmen" & Dr. Manhattan: "It didn't kill Osterman - did you *REALLY* think it would kill me?" http://hardware.slashdot.org/c...
(I just repost & you'll blow ALL YOUR MODPOINTS OUT... lol!)
Guess who always wins there?
(Yours truly!)
APK
P.S.=> :)
... apk
See subject: Your replying saying that projects that you do care...
APK
FROM (& I'd suggest listening to Mr. Chaplin do it, he delivers like NO other could have (even Robert Downey Jr., as good as a "thespian" as he is couldn't in the film "Chaplin")) -> https://www.youtube.com/watch?...
"I'm sorry, but I don't want to be an emperor. That's not my business. I don't want to rule or conquer anyone.
I should like to help everyone - if possible - Jew, Gentile - black man - white.
We all want to help one another. Human beings are like that.
We want to live by each other's happiness - not by each other's misery. We don't want to hate and despise one another.
In this world there is room for everyone. And the good earth is rich and can provide for everyone.
The way of life can be free and beautiful, but we have lost the way.
Greed has poisoned men's souls, has barricaded the world with hate, has goose-stepped us into misery and bloodshed.
We have developed speed, but we have shut ourselves in. Machinery that gives abundance has left us in want.
Our knowledge has made us cynical. Our cleverness, hard and unkind. We think too much and feel too little.
More than machinery we need humanity. More than cleverness we need kindness and gentleness.
(Without these qualities, life will be violent and all will be lost...)
The aeroplane and the radio have brought us closer together. The very nature of these inventions cries out for the goodness in men - cries out for universal brotherhood - for the unity of us all.
Even now my voice is reaching millions throughout the world - millions of despairing men, women, and little children - victims of a system that makes men torture and imprison innocent people.
To those who can hear me, I say - do not despair:
The misery that is now upon us is but the passing of greed - the bitterness of men who fear the way of human progress. The hate of men will pass, and dictators die, and the power they took from the people will return to the people.
And so long as men die, liberty will never perish.
Soldiers:
Don't give yourselves to brutes - men who despise you - enslave you - who regiment your lives - tell you what to do - what to think and what to feel! Who drill you - diet you - treat you like cattle, use you as cannon fodder. Don't give yourselves to these unnatural men - machine men with machine minds and machine hearts!
You are not machines, You are not cattle - You are men!
You have the love of humanity in your hearts - You don't hate! Only the unloved hate - the unloved and the unnatural!
Soldiers: Don't fight for slavery - Fight for liberty!
In the 17th Chapter of St Luke it is written: "the Kingdom of God is within man" - not one man nor a group of men, but in all men!
In you!
You, the people have the power - the power to create machines. The power to create happiness!
You, the people, have the power to make this life free and beautiful, to make this life a wonderful adventure.
Then - in the name of democracy:
Let us use that power - let us all unite. Let us fight for a new world - a decent world that will give men a chance to work - that will give youth a future and old age a security.
By the promise of these things, brutes have risen to power. But they lie! They do not fulfill that promise. They never will!
Dictators free themselves but they enslave the people!
Now let us fight to fulfill that promise! Let us fight to free the world - to do away with national barriers - to do away with greed, with hate and intolerance.
Let us fight for a world of reason, a world where science and progress will lead to all men's happiness.
Soldiers: in the name of democracy, let us all unite!"
APK
P.S.=> Quoting a great man (Charlie Chaplin) from LONG AGO on that one - he said it better than I ever could - CHANGE STARTS WITH YOU, in "little revolutions"... apk
Come gather round people wherever ya roam & admit that the waters (threats online) around you have grown
(... & accept it that soon you'll be drenched to the bone!)
If your time (speed) to you is worth savin'... & Ya better start swimmin' or you'll sink like a stone (being infected)
Oh the times they are a-changin' (antivir & firewalls = ineffective vs. modern threats online -> http://www.dshield.org/diary/A... + http://www.symantec.com/connec... & http://it.slashdot.org/story/1... )
Come writers & critics who prophesize w/ your pen (trolls)
&
Keep your eyes wide: The chance won't come again - & don't speak too soon, for the wheel's still in spin!
(... & there's no telling who that it's naming (APK))
Cuz the loser now will be later "the win"!
For the times they are a'changin'...
Come senators/congressmen please heed the call - Don't stand in the doorway, don't block up the hall!
Oh, He that gets hurt (users) will be he who has stalled (being infested)
Big battle outside ragin'!
Will soon shake yer Linux/OS X/MS Windows & rattle DNS/BrowserAddons/Antivirus & FIREWALLS ( http://www.symantec.com/connec... )!
For the times they are a changing!
Come mothers & fathers throughout the land!
(... & don't criticize what ya can't understand (hosts))
Your sons & daughters (ME) are beyond MEDIA command!
Your old road (above firewall/antivirus/dns + inferior inefficient browser addons) is rapidly agin'.
Please get out of the new one if ya can't lend a hand!
Oh the times they are a-changin'...
The line it is drawn (ad hominem attacks): The curse it is cast (abused downmods)!
(... The slow one now, will later be fast - as the present now (browser addon adblockers) will later be past (hosts))
The order is rapidly fadin'!
And, the 1st one now ("AlmostALLAdsBlocked" dying rapidly) will later be last!
For the times they ARE a-changin'...
APK
P.S.=> All I have to say to those who downmodded me is above courtesy of the film "The Watchmen"...
... apk
Watch Dogs is here. Where's Aiden Pearce?
IoT police body camera device is running Windows, really? It's powerful enough for that, but not for running a security scanner.
I think Conficker is the least of their problems.
On a long enough timeline, the survival rate for everyone drops to zero.
Who knows how this will play out. If there are already thousands of these cams in use by cops on the beat, we just may find it was someone such as Anonymous that was responsible, and that it will result in lots of dirty laundry being observed by all, even when the cops don't want us to see it, or that they claim the cameras were "inadvertently" not turned on... but, SURPRISE!!! we not only get to see what they wanted to conceal, but we'll be able to catch them in a coverup as well. Ahhh... much more unintended transparency. Then again, if we find out it was the handiwork of organized crime, identity thieves or even worse, we might be in for some really bad times until law enforcement figures out how to put a lid on this and clean up their systems.