Slashdot Mirror

← Back to Stories (view on slashdot.org)

Police Body Cameras Come With Pre-Installed Malware

Posted by timothy on from the new-problems-for-new-times dept.

An anonymous reader writes: The old Conficker worm was found on new police body cameras that were taken out of the box by security researchers from iPower Technologies. The worm is detected by almost all security vendors, but it seems that it is still being used because modern day IoT devices can't yet run security products. This allows the worm to spread, and propagate to computers when connected to an unprotected workstation. One police computer is enough to allow attackers to steal government data. The source of the infection is yet unknown. It is highly unlikely that the manufacturer would do this. Middleman involved in the shipping are probably the cause.

7 of 100 comments (clear)

  1. Good netizens by Ol+Olsoc · · Score: 3, Interesting
    Looks like the Internet of Things is into recycling. Old virri that don't do shit on a PC can have new life on the security lacking IoT.

    Now that's socially responsible.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    1. Re:Good netizens by KGIII · · Score: 2

      Oh, that's awful. I'm quasi-fluent in Spanish and I've picked up pidgin French but, worse, it's not really French. It's the bastard dialect used in Quebec. See, I live right next to it. So, I've learned to speak it - in a fashion. Thinking that this would be adequate, not too many years ago, I meandered from the UK to France via automobile (which is another story). I did not do my research and I have no idea what I actually said to those poor, innocent, French people. I don't know if I insulted them or if I just spouted gibberish.

      I guess, I'm sort of hoping for the former but I suspect it was the latter.

      It sort of stems from the days when I'd mistakenly call a fax machine or someone's modem. I'd bing, beep, and chirp back at them. I don't know what I was saying but I hoped I was printing a picture or connecting to their BBS. Lacking any pride, I'd generally keep going until the machine stopped making noises back at me. All these years and I still don't know what I said but we had a supplier who had a number that was easy to get wrong. I think their fax machine and I had a good relationship going.

      Said supplier once picked up the phone that was attached to their fax machine (as they were back then) while I was happily chirping and binging away in my office. He asked who I was, what I was doing, and so I explained. He thought that it was amusing and vowed to try it. He also told me that he'd consider trying to catch the fax machine in action in the future and trying binging, beeping, and chirping at the inbound call.

      No, I have no idea where I'm going with this. I just figured I'd share 'cause it's what I do.

      --
      "So long and thanks for all the fish."
  2. The manufacturer... by mhkohne · · Score: 4, Insightful

    While I'll grant the manufacturer isn't likely to DELIBERATELY infect things, my first assumption is that the manufacturer simply has terrible security and the worm made it into the master image for all their devices.

    Never assume malice where stupidity is a viable explanation.

    --
    A thousand pounds of wood moving at 300 feet per minute. Don't get in the way.
    1. Re:The manufacturer... by radarskiy · · Score: 4, Funny

      "Never assume malice where stupidity is a viable explanation."

      Sufficiently advanced incompetence is indistinguishable from malice.

  3. Re:Worm watches watchers by Antique+Geekmeister · · Score: 2

    > but who benefits from a hack on body cameras?

    Computer "cracking" can only occasionally be traced this way, when the crack is specific. There are _so many_ potential sources of this crack that it's not likely to be fruitful. They range from competent, targeted attacks on that specific vendor's products to gain advance knowledge of specific police departments, to NSA or other international intelligence agency style, to "Anonymous" or the older "Legion of Doom" style crackers counting coup on police security systems, to drug dealers with a gifted member or able to pay a competent cracker to plant ubiquitous monitoring on their local police department this way.

    There are too many potential candidates to isolate any of them.

  4. So what is the IoT angle here? by AC-x · · Score: 2

    So what is the IoT angle here? As far as I can tell the malware was placed on the drive of the bodycam as a file (it's the only infection vector that makes sense in this case), and that can happen to any USB drive. While I'm sure it's possible to design a worm that can infect IoT devices, this doesn't seem to be an example of one.

  5. Chinese factory networks lousy with malware by Anonymous Coward · · Score: 5, Interesting

    I used to work for TomTom, who have also delivered new devices preloaded with malware, and it's quite common to find infected computers in the factories. TT devices had a USB mass storage mode and that's what was being infected. Wouldn't surprise me at all if that's what was happening in this case too...