Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Crime Input Devices Security

Police Body Cameras Come With Pre-Installed Malware 100

An anonymous reader writes: The old Conficker worm was found on new police body cameras that were taken out of the box by security researchers from iPower Technologies. The worm is detected by almost all security vendors, but it seems that it is still being used because modern day IoT devices can't yet run security products. This allows the worm to spread, and propagate to computers when connected to an unprotected workstation. One police computer is enough to allow attackers to steal government data. The source of the infection is yet unknown. It is highly unlikely that the manufacturer would do this. Middleman involved in the shipping are probably the cause.
This discussion has been archived. No new comments can be posted.

Police Body Cameras Come With Pre-Installed Malware

Comments Filter:
  • Good netizens (Score:4, Interesting)

    by Ol Olsoc ( 1175323 ) on Sunday November 15, 2015 @10:24AM (#50934399)
    Looks like the Internet of Things is into recycling. Old virri that don't do shit on a PC can have new life on the security lacking IoT.

    Now that's socially responsible.

    • Well, the police themselves often come with malware installed (bully syndrome) so this doesn't really surprise me.

      Also, as near as I can tell, "viruses" is a perfectly acceptable term, but "virii" isn't really even a word.

      "Viruses" doesn't roll off the tongue quite as nicely, but both the Boeing and Microsoft style guides recommend it (as does Teh Google).

      • Well, the police themselves often come with malware installed (bully syndrome) so this doesn't really surprise me.

        Also, as near as I can tell, "viruses" is a perfectly acceptable term, but "virii" isn't really even a word.

        "Viruses" doesn't roll off the tongue quite as nicely, but both the Boeing and Microsoft style guides recommend it (as does Teh Google).

        Yeah - they have bad thingys on them.

        I'm now going to call viruses bad thingys.

    • Intercepting packets and installing viruses on them. Where would anyone get that idea?
  • " but it seems that it is still being used because modern day IoT devices are built pretty crappy by amateurs that don't want to make good products."

    You don't need a virus scanner on a read only OS, but you do need to have the people in charge and on the line of design and manufacture to not be complete morons.

  • by mhkohne ( 3854 ) on Sunday November 15, 2015 @11:02AM (#50934515) Homepage

    While I'll grant the manufacturer isn't likely to DELIBERATELY infect things, my first assumption is that the manufacturer simply has terrible security and the worm made it into the master image for all their devices.

    Never assume malice where stupidity is a viable explanation.

    • by radarskiy ( 2874255 ) on Sunday November 15, 2015 @05:32PM (#50936163)

      "Never assume malice where stupidity is a viable explanation."

      Sufficiently advanced incompetence is indistinguishable from malice.

    • by Anonymous Coward

      Why in God's name do you think that is good advice? When you lower your guard you get punched.

      America is run by corrupt politicians who are absolutely gleeful that the people at large just assume they are stupid rather than evil. We don't hold them accountable because we assume that eventually their advisers will straighten them out and it's not true. They take us for a ride, and we let them, because we think we are smarter than they are.

      We aren't.

    • by tlhIngan ( 30335 )

      While I'll grant the manufacturer isn't likely to DELIBERATELY infect things, my first assumption is that the manufacturer simply has terrible security and the worm made it into the master image for all their devices.

      In the complex world of manufacturing, there's several "manufacturers". There's the manufacturer - the guy who puts his name on the box and does all the marketing and selling. There's the design manufacturer who designed the hardware, and then the contract manufacturer who actually builds the t

  • They're blaming a middleman installation, but who benefits from a hack on body cameras?

    Even if they upload to desktops at the officers local squad, these computers would likely be protected.

    Who wants oversight here?

    • > but who benefits from a hack on body cameras?

      Computer "cracking" can only occasionally be traced this way, when the crack is specific. There are _so many_ potential sources of this crack that it's not likely to be fruitful. They range from competent, targeted attacks on that specific vendor's products to gain advance knowledge of specific police departments, to NSA or other international intelligence agency style, to "Anonymous" or the older "Legion of Doom" style crackers counting coup on police secur

  • Why would the Middleman do that? The HEYDAR can already tap into the police networks and cameras directly.
  • When I read the title, I thought they meant the wearer of the camera.

  • by AC-x ( 735297 ) on Sunday November 15, 2015 @11:34AM (#50934631)

    So what is the IoT angle here? As far as I can tell the malware was placed on the drive of the bodycam as a file (it's the only infection vector that makes sense in this case), and that can happen to any USB drive. While I'm sure it's possible to design a worm that can infect IoT devices, this doesn't seem to be an example of one.

  • by Anonymous Coward on Sunday November 15, 2015 @12:00PM (#50934763)

    I used to work for TomTom, who have also delivered new devices preloaded with malware, and it's quite common to find infected computers in the factories. TT devices had a USB mass storage mode and that's what was being infected. Wouldn't surprise me at all if that's what was happening in this case too...

    • by antdude ( 79039 )

      Which TomTom devices? And did its mapping devices' malwares infect Mac OS X v10.5.8 from years ago?

  • Are the cameras actually "infected" with it or do they just have copies of the install payload in their storage? I wouldn't have expected something like a small embedded camera device to actually be running Microsoft Windows. (Yes, I know there's a "Windows Embedded" and they could, I just wouldn't expect it.)
  • unless you can scan and clean the OS image assume it has been prehacked

  • "The worm is detected by almost all security vendors, but it seems that it is still being used because modern day IoT devices can't yet run security products."

    I thought Conficker worked on *Windows* OS. That can run antivirus.

    "but it seems that it is still being used because modern day IoT devices can't yet run security products."

    I'll allow you to say this when a worm is targeting Receivers or Fridges. Or even Raspberry PI. Not when the targeted item is running Windows.

    • by Mirar ( 264502 )

      Footnote: I work with OS-less devices (ARM7, 32kB RAM/256kB ROM). If a worm manages to target these IoT devices I will be _very_ impressed.
      It will probably happen eventually, but I _will_ be impressed.

  • Middleman involved in the shipping are probably the cause.

    Many years ago, I worked at a now-decommissioned nuclear power generating station in S. California. I did software development in the Health Physics dept.

    One day I noticed that every few minutes, the PC of the developer behind me (we had "bull pen" cubes with 4 per bull-pen) would annoyingly beep.

    I asked him what that was, and he said "I don't know, it just does that. I ignore it.

    Turns out it was a virus. It was brought in by the local PC vendor, who

  • by sad_ ( 7868 )

    IoT police body camera device is running windows, really? It's powerful enough for that, but not for running a security scanner.
    I think conficker is the least of their problems.

"Open the pod bay doors, HAL." -- Dave Bowman, 2001

Working...