Police Body Cameras Come With Pre-Installed Malware 100
An anonymous reader writes: The old Conficker worm was found on new police body cameras that were taken out of the box by security researchers from iPower Technologies. The worm is detected by almost all security vendors, but it seems that it is still being used because modern day IoT devices can't yet run security products. This allows the worm to spread, and propagate to computers when connected to an unprotected workstation. One police computer is enough to allow attackers to steal government data. The source of the infection is yet unknown. It is highly unlikely that the manufacturer would do this. Middleman involved in the shipping are probably the cause.
Good netizens (Score:4, Interesting)
Now that's socially responsible.
Re: (Score:2)
Viri is man, not virri. This doesn't make them right, but, well... If you don't know Latin then...
And no, I don't agree (and I'm assuming you don't either) that viri should be even considered a 'non-standard' use by sites like Wiktionary. Vir is man. However, Wiktionary now has it listed under "English." Which means, well, something... *sighs* I guess it's better than the last site that I checked which had it listed under Latin still.
Anyhow, no, 'virri' means nothing. At least not in any language I'm famili
Re: (Score:1)
Viri is man, not virri. This doesn't make them right, but, well... If you don't know Latin then...
And no, I don't agree (and I'm assuming you don't either) that viri should be even considered a 'non-standard' use by sites like Wiktionary. Vir is man. However, Wiktionary now has it listed under "English." Which means, well, something... *sighs* I guess it's better than the last site that I checked which had it listed under Latin still.
Anyhow, no, 'virri' means nothing. At least not in any language I'm familiar with (it probably does, somewhere). But virri most certainly does not mean 'man.'
Viruses.
It never ceases to amaze this old man how people can get wrapped around teh axle about simple shit like this.
And I spelled the as teh so as to piss the spelling cops off.
There are more important things to get pissed off about , like Starbucks latest coffee cup.
Re: (Score:2)
I figured that I'd use my little Latin to make them aware that they were wrong in their correction of your post. ;-) I understood you, well enough. Then again, my Latin is terrible. It does mean that I do manage well enough if I don't know a word in Spanish, so there's that.
Re: (Score:2)
I figured that I'd use my little Latin to make them aware that they were wrong in their correction of your post. ;-) I understood you, well enough. Then again, my Latin is terrible. It does mean that I do manage well enough if I don't know a word in Spanish, so there's that.
I made the mistake of taking both Spanish and French. And use them little enough that I slip seamlessly from one to the other in conversations. Maybe that's why the native speakers laugh at me some times. "Franish', or "Spench" I guess.
Re: (Score:3)
Oh, that's awful. I'm quasi-fluent in Spanish and I've picked up pidgin French but, worse, it's not really French. It's the bastard dialect used in Quebec. See, I live right next to it. So, I've learned to speak it - in a fashion. Thinking that this would be adequate, not too many years ago, I meandered from the UK to France via automobile (which is another story). I did not do my research and I have no idea what I actually said to those poor, innocent, French people. I don't know if I insulted them or if I
Re: (Score:2)
Well yeah, don't we all? If not then why would we be posting? If we didn't want attention, if we didn't think our opinions were valid or interesting, if we didn't want to share, if we didn't want to learn, then why would we bother? I, for one, do want attention - for a whole host of reasons. I like to share, I like to learn, I like to throw ideas out there and let people improve on them, I like to hear other opinions so I'll start a conversation, and more.
You say that as if it is a bad thing. I don't really
Re: (Score:2)
Well, the police themselves often come with malware installed (bully syndrome) so this doesn't really surprise me.
Also, as near as I can tell, "viruses" is a perfectly acceptable term, but "virii" isn't really even a word.
"Viruses" doesn't roll off the tongue quite as nicely, but both the Boeing and Microsoft style guides recommend it (as does Teh Google).
Re: (Score:2)
Well, the police themselves often come with malware installed (bully syndrome) so this doesn't really surprise me.
Also, as near as I can tell, "viruses" is a perfectly acceptable term, but "virii" isn't really even a word.
"Viruses" doesn't roll off the tongue quite as nicely, but both the Boeing and Microsoft style guides recommend it (as does Teh Google).
Yeah - they have bad thingys on them.
I'm now going to call viruses bad thingys.
Re: (Score:2)
Bad Thingys or Bad Thingies?
Re: (Score:2)
"What's the purpose of the mandatory body cameras? To save lives? Ha....hardly. The purpose of the body camera is to feed data back to the NSA to train their image recognition algorithms . Thus enabling them to use the ever growing number of cameras across the USA and abroad to identify people wherever they may go."
Damn right I'm rolling my eyes and shouting. When police didn't have body cameras, you were paranoid about that, too, remember?
Re: (Score:2)
Correction... (Score:2)
" but it seems that it is still being used because modern day IoT devices are built pretty crappy by amateurs that don't want to make good products."
You don't need a virus scanner on a read only OS, but you do need to have the people in charge and on the line of design and manufacture to not be complete morons.
Re: (Score:2)
Read only OS? LOL. You need to patch that thing live to the promised features that didn't meet the delivery date. Nobody want to take them offline, remount read-write and patch individual devices one at the time.
... and then when you don't want to do that but have to, it's a perfect time for Mr. Shady and his crew to slip changes in that weren't approved. CUZYANEEDTAHURRYNOWNOWNOWNOW!
Re: (Score:2)
ROTFL LOL! ZOMG!
I love it when people like you that have absolutely no clue how things work try and post your troll responses. Yes a READ ONLY OS is incredibly easy to do and GASP is done daily. I suggest you read up on how a live CD/DVD works or how a BLuRay player runs linux.
The Herp Derp is very strong in you, Keep working on it.
Re: (Score:2)
Dammit Slashdot, It applied my response to the grandchild and not the parent again.
This belongs to the "read only OS LOL" fool
Re: (Score:2)
Dammit Slashdot, It applied my response to the grandchild and not the parent again.
This belongs to the "read only OS LOL" fool
Oh. I lesson learned. Wait ten minutes to see if a retraction is posted before replying. Now that's inefficient. Damnit. Where's the "Undo" function after a post, 30 second time limit (or something like that). Did Google patent that? *sigh*
Imaginary handshake coming your way.
Re: (Score:2)
ROTFL LOL! ZOMG!
I love it when people like you that have absolutely no clue how things work try and post your troll responses. Yes a READ ONLY OS is incredibly easy to do and GASP is done daily. I suggest you read up on how a live CD/DVD works or how a BLuRay player runs linux.
The Herp Derp is very strong in you, Keep working on it.
I love how you, like other "I'm so smart" pundits, like to read what you want into comments to have your "I'm smarter" reply.
I'm aware of all of that, Mr. Smart. I'm referring to what would happen if the read-only aspect were removed. Why do you think I quoted only that portion in my reply to the parent?
In the future, you might want to try reading portions of quotes that were specifically responded to, and read it over more than once to see if you're missing something. Assuming you can jump right on an i
Re: (Score:2)
You, sir, are the reason that we as Humans have not been able to find peace.
OK, let me try and work this out. Because a cranky old poster on an ancient, barely significant site on the Internet misreads a complex post that was thrown together from several other posts by a number of people with varying degrees of competence with both language and the subject matter ....
We're doomed?
I'm going to have to take my posts more seriously from now on. I didn't realize how important we are.
Re: (Score:2)
You, sir, are the reason that we as Humans have not been able to find peace.
OK, let me try and work this out. Because a cranky old poster on an ancient, barely significant site on the Internet misreads a complex post that was thrown together from several other posts by a number of people with varying degrees of competence with both language and the subject matter ....
We're doomed?
I'm going to have to take my posts more seriously from now on. I didn't realize how important we are.
Your sarcasm will get you everywhere. Thanks. I love it! :)
Re: (Score:2)
You move the jumper and flash the update just like you always have done in well designed professional devices.
Re: (Score:2)
Could also have an area for updates to be placed that is read on boot and does cryptographic verification of the updates, if a physical switch isn't acceptable for one reason or another. Or something similar to taste.
Re: (Score:2)
Yeah. Keep it simple.
Re: (Score:2)
I had a plotter in the office that had a real button on the side that you held while power cycling it. One could then fiddle with the OS bits if one were able to do so. I did read the manual and did, technically, make a few adjustments but I put them back afterwards. If I recall correctly, it was all in some bastard assembly with a bunch of what I can only called pidgin hex. I may not be recalling properly. My attempt to fix the bug was unsuccessful but it was not a crippling bug so it never got fixed. The
Re: (Score:1)
Have you tried contacting Matt Damon?
Re: (Score:2)
Heh... No... This would have been 1995 or so.
Re: (Score:2)
Matt Damon might still be useful. When did Good Will Hunting come out?
The manufacturer... (Score:5, Insightful)
While I'll grant the manufacturer isn't likely to DELIBERATELY infect things, my first assumption is that the manufacturer simply has terrible security and the worm made it into the master image for all their devices.
Never assume malice where stupidity is a viable explanation.
Re: (Score:2)
There are multiple advantages for their universal employment, up to and including protecting good LEOs.
But, there are probably some in law enforcement who would rather not see their implementation.
Re:The manufacturer... (Score:5, Funny)
"Never assume malice where stupidity is a viable explanation."
Sufficiently advanced incompetence is indistinguishable from malice.
Re: (Score:1)
Why in God's name do you think that is good advice? When you lower your guard you get punched.
America is run by corrupt politicians who are absolutely gleeful that the people at large just assume they are stupid rather than evil. We don't hold them accountable because we assume that eventually their advisers will straighten them out and it's not true. They take us for a ride, and we let them, because we think we are smarter than they are.
We aren't.
Re: (Score:2)
In the complex world of manufacturing, there's several "manufacturers". There's the manufacturer - the guy who puts his name on the box and does all the marketing and selling. There's the design manufacturer who designed the hardware, and then the contract manufacturer who actually builds the t
Worm watches watchers (Score:2)
Even if they upload to desktops at the officers local squad, these computers would likely be protected.
Who wants oversight here?
Re: (Score:3)
> but who benefits from a hack on body cameras?
Computer "cracking" can only occasionally be traced this way, when the crack is specific. There are _so many_ potential sources of this crack that it's not likely to be fruitful. They range from competent, targeted attacks on that specific vendor's products to gain advance knowledge of specific police departments, to NSA or other international intelligence agency style, to "Anonymous" or the older "Legion of Doom" style crackers counting coup on police secur
Not credible (Score:1)
Misleading (Score:2)
When I read the title, I thought they meant the wearer of the camera.
Re: (Score:1)
I've worked around alot of cops in the US. This is how it works --
They get out of high-school and go directly into the military. They serve their 20 years then go into law enforcement (police or federal/DEA). They never held any type of civilian job, and never learned how to interact or communicate with ordinary people.
They are accustomed to being some type of upper-enlisted person like a Master Sargent or Sargent Major when they get out of the military.
The only way they know how to communicate with peop
So what is the IoT angle here? (Score:3)
So what is the IoT angle here? As far as I can tell the malware was placed on the drive of the bodycam as a file (it's the only infection vector that makes sense in this case), and that can happen to any USB drive. While I'm sure it's possible to design a worm that can infect IoT devices, this doesn't seem to be an example of one.
Chinese factory networks lousy with malware (Score:5, Interesting)
I used to work for TomTom, who have also delivered new devices preloaded with malware, and it's quite common to find infected computers in the factories. TT devices had a USB mass storage mode and that's what was being infected. Wouldn't surprise me at all if that's what was happening in this case too...
Re: (Score:2)
Which TomTom devices? And did its mapping devices' malwares infect Mac OS X v10.5.8 from years ago?
Bodycams run *Windows*? (Score:2)
Treat all uncertified nodes as HOSTILE/INFECTED (Score:2)
unless you can scan and clean the OS image assume it has been prehacked
But it's running Windows. (Score:2)
"The worm is detected by almost all security vendors, but it seems that it is still being used because modern day IoT devices can't yet run security products."
I thought Conficker worked on *Windows* OS. That can run antivirus.
"but it seems that it is still being used because modern day IoT devices can't yet run security products."
I'll allow you to say this when a worm is targeting Receivers or Fridges. Or even Raspberry PI. Not when the targeted item is running Windows.
Re: (Score:2)
Footnote: I work with OS-less devices (ARM7, 32kB RAM/256kB ROM). If a worm manages to target these IoT devices I will be _very_ impressed.
It will probably happen eventually, but I _will_ be impressed.
Vendor infection... (Score:2)
Many years ago, I worked at a now-decommissioned nuclear power generating station in S. California. I did software development in the Health Physics dept.
One day I noticed that every few minutes, the PC of the developer behind me (we had "bull pen" cubes with 4 per bull-pen) would annoyingly beep.
I asked him what that was, and he said "I don't know, it just does that. I ignore it.
Turns out it was a virus. It was brought in by the local PC vendor, who
windows (Score:2)
IoT police body camera device is running windows, really? It's powerful enough for that, but not for running a security scanner.
I think conficker is the least of their problems.