Slashdot Mirror


Police Body Cameras Come With Pre-Installed Malware

An anonymous reader writes: The old Conficker worm was found on new police body cameras that were taken out of the box by security researchers from iPower Technologies. The worm is detected by almost all security vendors, but it seems that it is still being used because modern day IoT devices can't yet run security products. This allows the worm to spread, and propagate to computers when connected to an unprotected workstation. One police computer is enough to allow attackers to steal government data. The source of the infection is yet unknown. It is highly unlikely that the manufacturer would do this. Middleman involved in the shipping are probably the cause.


  1. Good netizens by Ol+Olsoc · · Score: 3, Interesting
    Looks like the Internet of Things is into recycling. Old virri that don't do shit on a PC can have new life on the security lacking IoT.

    Now that's socially responsible.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    1. Re:Good netizens by KGIII · · Score: 1

      Viri is man, not virri. This doesn't make them right, but, well... If you don't know Latin then...

      And no, I don't agree (and I'm assuming you don't either) that viri should be even considered a 'non-standard' use by sites like Wiktionary. Vir is man. However, Wiktionary now has it listed under "English." Which means, well, something... *sighs* I guess it's better than the last site that I checked which had it listed under Latin still.

      Anyhow, no, 'virri' means nothing. At least not in any language I'm familiar with (it probably does, somewhere). But virri most certainly does not mean 'man.'

      --
      "So long and thanks for all the fish."
    2. Re:Good netizens by JustAnotherOldGuy · · Score: 1

      Well, the police themselves often come with malware installed (bully syndrome) so this doesn't really surprise me.

      Also, as near as I can tell, "viruses" is a perfectly acceptable term, but "virii" isn't really even a word.

      "Viruses" doesn't roll off the tongue quite as nicely, but both the Boeing and Microsoft style guides recommend it (as does Teh Google).

      --
      Just cruising through this digital world at 33 1/3 rpm...
    3. Re:Good netizens by Ol+Olsoc · · Score: 1

      Well, the police themselves often come with malware installed (bully syndrome) so this doesn't really surprise me.

      Also, as near as I can tell, "viruses" is a perfectly acceptable term, but "virii" isn't really even a word.

      "Viruses" doesn't roll off the tongue quite as nicely, but both the Boeing and Microsoft style guides recommend it (as does Teh Google).

      Yeah - they have bad thingys on them.

      I'm now going to call viruses bad thingys.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    4. Re: Good netizens by ememisya · · Score: 1

      Intercepting packets and installing viruses on them. Where would anyone get that idea?

    5. Re:Good netizens by viperidaenz · · Score: 1

      Bad Thingys or Bad Thingies?

    6. Re:Good netizens by KGIII · · Score: 1

      I figured that I'd use my little Latin to make them aware that they were wrong in their correction of your post. ;-) I understood you, well enough. Then again, my Latin is terrible. It does mean that I do manage well enough if I don't know a word in Spanish, so there's that.

      --
      "So long and thanks for all the fish."
    7. Re:Good netizens by Ol+Olsoc · · Score: 1

      I figured that I'd use my little Latin to make them aware that they were wrong in their correction of your post. ;-) I understood you, well enough. Then again, my Latin is terrible. It does mean that I do manage well enough if I don't know a word in Spanish, so there's that.

      I made the mistake of taking both Spanish and French. And use them little enough that I slip seamlessly from one to the other in conversations. Maybe that's why the native speakers laugh at me sometimes. "Franish", or "Spench" I guess.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    8. Re:Good netizens by KGIII · · Score: 2

      Oh, that's awful. I'm quasi-fluent in Spanish and I've picked up pidgin French but, worse, it's not really French. It's the bastard dialect used in Quebec. See, I live right next to it. So, I've learned to speak it - in a fashion. Thinking that this would be adequate, not too many years ago, I meandered from the UK to France via automobile (which is another story). I did not do my research and I have no idea what I actually said to those poor, innocent, French people. I don't know if I insulted them or if I just spouted gibberish.

      I guess, I'm sort of hoping for the former but I suspect it was the latter.

      It sort of stems from the days when I'd mistakenly call a fax machine or someone's modem. I'd bing, beep, and chirp back at them. I don't know what I was saying but I hoped I was printing a picture or connecting to their BBS. Lacking any pride, I'd generally keep going until the machine stopped making noises back at me. All these years and I still don't know what I said but we had a supplier who had a number that was easy to get wrong. I think their fax machine and I had a good relationship going.

      Said supplier once picked up the phone that was attached to their fax machine (as they were back then) while I was happily chirping and binging away in my office. He asked who I was, what I was doing, and so I explained. He thought that it was amusing and vowed to try it. He also told me that he'd consider trying to catch the fax machine in action in the future and trying binging, beeping, and chirping at the inbound call.

      No, I have no idea where I'm going with this. I just figured I'd share 'cause it's what I do.

      --
      "So long and thanks for all the fish."
    9. Re: Good netizens by KGIII · · Score: 1

      Well yeah, don't we all? If not then why would we be posting? If we didn't want attention, if we didn't think our opinions were valid or interesting, if we didn't want to share, if we didn't want to learn, then why would we bother? I, for one, do want attention - for a whole host of reasons. I like to share, I like to learn, I like to throw ideas out there and let people improve on them, I like to hear other opinions so I'll start a conversation, and more.

      You say that as if it is a bad thing. I don't really think that I can conclude that it is anything of the sort Mr. Matrix007. It's not like it is forceful or unhealthy attention seeking - it's mutually beneficial and there seems to be just one person who complains. That makes me think that it is, indeed, not something I should concern myself with.

      What is amusing is that you, Mr. 007, are giving me that attention. You can't help it. Which means you're giving me power. Why you'd do that is beyond me. I don't know what life must be like for you if you're so willing to meander around, follow me, make complaints, and sometimes get a few moderation points to waste on me. You don't have to be powerless, you know. You have choices.

      --
      "So long and thanks for all the fish."
  2. Correction... by Lumpy · · Score: 1

    " but it seems that it is still being used because modern day IoT devices are built pretty crappy by amateurs that don't want to make good products."

    You don't need a virus scanner on a read only OS, but you do need to have the people in charge and on the line of design and manufacture to not be complete morons.

    --
    Do not look at laser with remaining good eye.
    1. Re:Correction... by poofmeisterp · · Score: 1

      Read only OS? LOL. You need to patch that thing live to the promised features that didn't meet the delivery date. Nobody wants to take them offline, remount read-write and patch individual devices one at a time.

      ... and then when you don't want to do that but have to, it's a perfect time for Mr. Shady and his crew to slip changes in that weren't approved. CUZYANEEDTAHURRYNOWNOWNOWNOW!

    2. Re:Correction... by Lumpy · · Score: 1

      ROTFL LOL! ZOMG!
      I love it when people like you that have absolutely no clue how things work try and post your troll responses. Yes a READ ONLY OS is incredibly easy to do and GASP is done daily. I suggest you read up on how a live CD/DVD works or how a Blu-ray player runs Linux.

      The Herp Derp is very strong in you, Keep working on it.

      --
      Do not look at laser with remaining good eye.
    3. Re:Correction... by Lumpy · · Score: 1

      Dammit Slashdot, It applied my response to the grandchild and not the parent again.

      This belongs to the "read only OS LOL" fool

      --
      Do not look at laser with remaining good eye.
    4. Re:Correction... by Lumpy · · Score: 1

      You move the jumper and flash the update just like you always have done in well designed professional devices.

      --
      Do not look at laser with remaining good eye.
    5. Re:Correction... by poofmeisterp · · Score: 1

      ROTFL LOL! ZOMG!

      I love it when people like you that have absolutely no clue how things work try and post your troll responses. Yes a READ ONLY OS is incredibly easy to do and GASP is done daily. I suggest you read up on how a live CD/DVD works or how a Blu-ray player runs Linux.

      The Herp Derp is very strong in you, Keep working on it.

      I love how you, like other "I'm so smart" pundits, like to read what you want into comments to have your "I'm smarter" reply.

      I'm aware of all of that, Mr. Smart. I'm referring to what would happen if the read-only aspect were removed. Why do you think I quoted only that portion in my reply to the parent?

      In the future, you might want to try reading portions of quotes that were specifically responded to, and read it over more than once to see if you're missing something. Assuming you can jump right on an idiot's statements is quarrelsome and borderline narcissistic. It's much more intelligent to ask questions first about, maybe, what they meant. You, sir, are the reason that we as Humans have not been able to find peace.

    6. Re:Correction... by poofmeisterp · · Score: 1

      Dammit Slashdot, It applied my response to the grandchild and not the parent again.

      This belongs to the "read only OS LOL" fool

      Oh. Lesson learned. Wait ten minutes to see if a retraction is posted before replying. Now that's inefficient. Damnit. Where's the "Undo" function after a post, 30 second time limit (or something like that). Did Google patent that? *sigh*

      Imaginary handshake coming your way.

    7. Re:Correction... by doublebackslash · · Score: 1

      Could also have an area for updates to be placed that is read on boot and does cryptographic verification of the updates, if a physical switch isn't acceptable for one reason or another. Or something similar to taste.

      --
      md5sum /boot/vmlinuz
      d41d8cd98f00b204e9800998ecf8427e /boot/vmlinuz
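
The boot-time check suggested in the comment above, sketched as an added example that is not part of the thread or any vendor's code. It assumes an Ed25519 vendor key pinned in the read-only image and a hypothetical manifest layout (version plus SHA-256 of the image); the rollback check goes slightly beyond what the comment describes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest accompanies a staged update image. The layout is hypothetical.
type Manifest struct {
	Version   uint32   // firmware version, must increase with each update
	ImageHash [32]byte // SHA-256 of the staged image
	Sig       []byte   // Ed25519 signature over signedBytes()
}

var (
	ErrBadSignature = errors.New("manifest signature invalid")
	ErrHashMismatch = errors.New("image does not match signed hash")
	ErrRollback     = errors.New("update is not newer than installed version")
)

// signedBytes is the exact byte string the vendor signs: version || hash.
func (m Manifest) signedBytes() []byte {
	buf := make([]byte, 4, 4+len(m.ImageHash))
	binary.BigEndian.PutUint32(buf, m.Version)
	return append(buf, m.ImageHash[:]...)
}

// VerifyStaged runs at boot, before anything from the staging area is used.
// pub is the vendor key pinned in the read-only image.
func VerifyStaged(pub ed25519.PublicKey, installed uint32, m Manifest, image []byte) error {
	// ed25519.Verify panics on a wrong-sized key, so check the length first.
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, m.signedBytes(), m.Sig) {
		return ErrBadSignature
	}
	if sha256.Sum256(image) != m.ImageHash {
		return ErrHashMismatch
	}
	if m.Version <= installed { // refuse replays of old, validly signed images
		return ErrRollback
	}
	return nil
}

// SignManifest is the vendor-side step, included so the example runs offline.
func SignManifest(priv ed25519.PrivateKey, version uint32, image []byte) Manifest {
	m := Manifest{Version: version, ImageHash: sha256.Sum256(image)}
	m.Sig = ed25519.Sign(priv, m.signedBytes())
	return m
}

// DemoKey returns a constructed, deterministic key pair for this demo only.
func DemoKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	// Constructed key and image; a real device would hold only the public key.
	pub, priv := DemoKey()
	image := []byte("constructed firmware image v7")
	m := SignManifest(priv, 7, image)

	fmt.Println("genuine update:  ", VerifyStaged(pub, 6, m, image))
	fmt.Println("tampered image:  ", VerifyStaged(pub, 6, m, append(image, 0x90)))
	fmt.Println("replayed version:", VerifyStaged(pub, 7, m, image))
}
```
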
    8. Re:Correction... by KGIII · · Score: 1

      I had a plotter in the office that had a real button on the side that you held while power cycling it. One could then fiddle with the OS bits if one were able to do so. I did read the manual and did, technically, make a few adjustments but I put them back afterwards. If I recall correctly, it was all in some bastard assembly with a bunch of what I can only call pidgin hex. I may not be recalling properly. My attempt to fix the bug was unsuccessful but it was not a crippling bug so it never got fixed. The OEM would have, as I recall, fixed it for us but I didn't pay for a support contract. I swear to Christ, it was written in Martian.

      --
      "So long and thanks for all the fish."
    9. Re:Correction... by U2xhc2hkb3QgU3Vja3M · · Score: 1

      I swear to Christ, it was written in Martian.

      Have you tried contacting Matt Damon?

    10. Re:Correction... by KGIII · · Score: 1

      Heh... No... This would have been 1995 or so.

      --
      "So long and thanks for all the fish."
    11. Re:Correction... by ColdWetDog · · Score: 1

      You, sir, are the reason that we as Humans have not been able to find peace.

      OK, let me try and work this out. Because a cranky old poster on an ancient, barely significant site on the Internet misreads a complex post that was thrown together from several other posts by a number of people with varying degrees of competence with both language and the subject matter ....

      We're doomed?

      I'm going to have to take my posts more seriously from now on. I didn't realize how important we are.

      --
      Faster! Faster! Faster would be better!
    12. Re:Correction... by poofmeisterp · · Score: 1

      You, sir, are the reason that we as Humans have not been able to find peace.

      OK, let me try and work this out. Because a cranky old poster on an ancient, barely significant site on the Internet misreads a complex post that was thrown together from several other posts by a number of people with varying degrees of competence with both language and the subject matter ....

      We're doomed?

      I'm going to have to take my posts more seriously from now on. I didn't realize how important we are.

      Your sarcasm will get you everywhere. Thanks. I love it! :)

    13. Re:Correction... by Hognoxious · · Score: 1

      Yeah. Keep it simple.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    14. Re:Correction... by Slashdot+Junky · · Score: 1

      Matt Damon might still be useful. When did Good Will Hunting come out?

      --
      .
      Landfill Mining Co.
      Managing the (Un)natural Resources of Tomorrow
  3. The manufacturer... by mhkohne · · Score: 4, Insightful

    While I'll grant the manufacturer isn't likely to DELIBERATELY infect things, my first assumption is that the manufacturer simply has terrible security and the worm made it into the master image for all their devices.

    Never assume malice where stupidity is a viable explanation.

    --
    A thousand pounds of wood moving at 300 feet per minute. Don't get in the way.
    1. Re:The manufacturer... by rmdingler · · Score: 1
      Body cameras go a long way towards setting an ethical behavior policy for law enforcement divisions that employ them.

      There are multiple advantages for their universal employment, up to and including protecting good LEOs.

      But, there are probably some in law enforcement who would rather not see their implementation.

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    2. Re:The manufacturer... by radarskiy · · Score: 4, Funny

      "Never assume malice where stupidity is a viable explanation."

      Sufficiently advanced incompetence is indistinguishable from malice.

    3. Re:The manufacturer... by Anonymous Coward · · Score: 1

      Why in God's name do you think that is good advice? When you lower your guard you get punched.

      America is run by corrupt politicians who are absolutely gleeful that the people at large just assume they are stupid rather than evil. We don't hold them accountable because we assume that eventually their advisers will straighten them out and it's not true. They take us for a ride, and we let them, because we think we are smarter than they are.

      We aren't.

    4. Re:The manufacturer... by tlhIngan · · Score: 1

      While I'll grant the manufacturer isn't likely to DELIBERATELY infect things, my first assumption is that the manufacturer simply has terrible security and the worm made it into the master image for all their devices.

      In the complex world of manufacturing, there's several "manufacturers". There's the manufacturer - the guy who puts his name on the box and does all the marketing and selling. There's the design manufacturer who designed the hardware, and then the contract manufacturer who actually builds the thing, tests it, packages it up and ships it.

      Most likely, there is no "master image" - it's when the contract manufacturer goes and tests the hardware, the PC they use was infected, and subsequently gets the USB disk infected. After all, the general PC hygiene is pretty poor - if you need a PC to test, you provide the software and environment and instructions on what to do. (Sometimes, if there's special hardware and software, you may provide a PC).

      Internet access is pretty poor, so unless you want to pay for the CM's time you want it inhouse as much as possible.

  4. Worm watches watchers by rmdingler · · Score: 1
    They're blaming a middleman installation, but who benefits from a hack on body cameras?

    Even if they upload to desktops at the officer's local squad, these computers would likely be protected.

    Who wants oversight here?

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

    1. Re:Worm watches watchers by Antique+Geekmeister · · Score: 2

      > but who benefits from a hack on body cameras?

      Computer "cracking" can only occasionally be traced this way, when the crack is specific. There are _so many_ potential sources of this crack that it's not likely to be fruitful. They range from competent, targeted attacks on that specific vendor's products to gain advance knowledge of specific police departments, to NSA or other international intelligence agency style, to "Anonymous" or the older "Legion of Doom" style crackers counting coup on police security systems, to drug dealers with a gifted member or able to pay a competent cracker to plant ubiquitous monitoring on their local police department this way.

      There are too many potential candidates to isolate any of them.

  5. Not credible by Cigaes · · Score: 1

    Why would the Middleman do that? The HEYDAR can already tap into the police networks and cameras directly.

  6. Misleading by nospam007 · · Score: 1

    When I read the title, I thought they meant the wearer of the camera.

  7. So what is the IoT angle here? by AC-x · · Score: 2

    So what is the IoT angle here? As far as I can tell the malware was placed on the drive of the bodycam as a file (it's the only infection vector that makes sense in this case), and that can happen to any USB drive. While I'm sure it's possible to design a worm that can infect IoT devices, this doesn't seem to be an example of one.

  8. Re:Conficker???!!! by Anonymous Coward · · Score: 1

    I've worked around a lot of cops in the US. This is how it works --

    They get out of high-school and go directly into the military. They serve their 20 years then go into law enforcement (police or federal/DEA). They never held any type of civilian job, and never learned how to interact or communicate with ordinary people.

    They are accustomed to being some type of upper-enlisted person like a Master Sergeant or Sergeant Major when they get out of the military.

    The only way they know how to communicate with people is by barking at them like a dog. Civilians don't react well to this method of communication, and so the conflicts ensue.

  9. Chinese factory networks lousy with malware by Anonymous Coward · · Score: 5, Interesting

    I used to work for TomTom, who have also delivered new devices preloaded with malware, and it's quite common to find infected computers in the factories. TT devices had a USB mass storage mode and that's what was being infected. Wouldn't surprise me at all if that's what was happening in this case too...

    1. Re:Chinese factory networks lousy with malware by antdude · · Score: 1

      Which TomTom devices? And did its mapping devices' malwares infect Mac OS X v10.5.8 from years ago?

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  10. Bodycams run *Windows*? by Dr.Dubious+DDQ · · Score: 1

    Are the cameras actually "infected" with it or do they just have copies of the install payload in their storage? I wouldn't have expected something like a small embedded camera device to actually be running Microsoft Windows. (Yes, I know there's a "Windows Embedded" and they could, I just wouldn't expect it.)

  11. Treat all uncertified nodes as HOSTILE/INFECTED by laurencetux · · Score: 1

    unless you can scan and clean the OS image assume it has been prehacked

  12. But it's running Windows. by Mirar · · Score: 1

    "The worm is detected by almost all security vendors, but it seems that it is still being used because modern day IoT devices can't yet run security products."

    I thought Conficker worked on *Windows* OS. That can run antivirus.

    "but it seems that it is still being used because modern day IoT devices can't yet run security products."

    I'll allow you to say this when a worm is targeting Receivers or Fridges. Or even Raspberry Pi. Not when the targeted item is running Windows.

    1. Re:But it's running Windows. by Mirar · · Score: 1

      Footnote: I work with OS-less devices (ARM7, 32kB RAM/256kB ROM). If a worm manages to target these IoT devices I will be _very_ impressed.
      It will probably happen eventually, but I _will_ be impressed.

  13. Vendor infection... by jtara · · Score: 1

    Middleman involved in the shipping are probably the cause.

    Many years ago, I worked at a now-decommissioned nuclear power generating station in S. California. I did software development in the Health Physics dept.

    One day I noticed that every few minutes, the PC of the developer behind me (we had "bull pen" cubes with 4 per bull-pen) would annoyingly beep.

    I asked him what that was, and he said "I don't know, it just does that. I ignore it."

    Turns out it was a virus. It was brought in by the local PC vendor, who one day went around from PC to PC, updating the Video BIOS of PCs equipped with a particular Matrox display card.

    My PC didn't have that card. The other fellow's PC did...

    It was eventually discovered, when somebody else didn't just ignore it...

    This was outside of containment, and so it spread further than it would inside of containment. Due to the "what goes in, doesn't come out" policy, had the vendor updated PCs inside of containment, he would have had to have left the infected floppy disk inside. The infection would have been limited to containment.

    We can all sleep better.... egad, what am I saying?!

  14. Re:Is anyone surprised? by Applehu+Akbar · · Score: 1

    "What's the purpose of the mandatory body cameras? To save lives? Ha....hardly. The purpose of the body camera is to feed data back to the NSA to train their image recognition algorithms . Thus enabling them to use the ever growing number of cameras across the USA and abroad to identify people wherever they may go."

    Damn right I'm rolling my eyes and shouting. When police didn't have body cameras, you were paranoid about that, too, remember?

  15. windows by sad_ · · Score: 1

    IoT police body camera device is running Windows, really? It's powerful enough for that, but not for running a security scanner.
    I think Conficker is the least of their problems.

    --
    On a long enough timeline, the survival rate for everyone drops to zero.