Police body cams found pre-installed with notorious Conficker worm

November 16, 2015 in News by RBN

Ars Technica | Dan Goodin

One of the world’s most prolific pieces of malware is found in cams from Martel

One of the world’s most prolific computer worms has been found infecting several police body cameras that were sent to security researchers, the researchers reported.

According to a blog post published last week by security firm iPower, multiple police cams manufactured by Martel Electronics came pre-installed with Win32/Conficker.B!inf. When one such camera was attached to a computer in the iPower lab, it immediately triggered the PC’s antivirus program. When company researchers allowed the worm to infect the computer, the computer then attempted to spread the infection to other machines on the network.

“iPower initiated a call and multiple emails to the camera manufacturer, Martel, on November 11th 2015,” the researchers wrote in the blog post. “Martel staff has yet to provide iPower with an official acknowledgement of the security vulnerability. iPower President, Jarrett Pavao, decided to take the story public due to the huge security implications of these cameras being shipped to government agencies and police departments all over the country.”

Over 15 million served

Alternately known as Downup, Downadup, and Kido, Conficker took hold in late 2008, a few days after Microsoft issued an emergency patch for a Windows vulnerability that allows self-replicating exploits. Within a few months, Conficker had enslaved as many as 15 million Windows PCs. Its sprawling botnet of infected machines eluded the vigorous takedown efforts of the Conficker working group, which was made up of Microsoft and more than a dozen partners in the security and domain registration industries.

Conficker was especially hard to contain because it used a variety of advanced methods to self-propagate, including exploiting weaknesses in the Windows autostart feature when users inserted USB drives into their computers. The malware also generated hundreds of pseudo-random domain names each day that infected machines could contact to receive new instructions. The scheme allowed the botnet to survive even when old domain names were turned over to the working group. There are at least five significant variations of Conficker that are denoted with the letters A through E.
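The date-seeded domain generation described above, together with the countermeasure the working group relied on (enumerating the day's names ahead of time so they can be registered, sinkholed or blocked before the operators use them), as an added example that is not from the article or from any Conficker analysis. The generator, seed, TLD and DNS log lines are all constructed here; this is a toy stand-in for the idea, not Conficker's actual algorithm.

```python
import hashlib
from datetime import date, timedelta

TLD = ".example"  # placeholder TLD; the real worm spread its names across many TLDs

def toy_dga(day_iso: str, count: int = 5, seed: bytes = b"constructed-seed") -> list[str]:
    """Derive `count` pseudo-random domains for the day given as 'YYYY-MM-DD'.

    Constructed toy generator, NOT Conficker's algorithm. It only shares the idea:
    the date and a fixed seed go in, a reproducible list comes out, so every
    infected host computes the same rendezvous names without any coordination.
    """
    day = date.fromisoformat(day_iso).isoformat()      # normalise the date string
    domains = []
    for i in range(count):
        material = seed + day.encode() + i.to_bytes(2, "big")
        digest = hashlib.sha256(material).digest()
        length = 8 + digest[0] % 5                      # 8..12 character label
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        domains.append(label + TLD)
    return domains

def precompute_blocklist(start_iso: str, days: int, count: int = 5) -> set[str]:
    """Defender side: once the generator is understood, enumerate every domain
    the worm could contact over the window so they can be sinkholed or blocked
    before the operators register them."""
    start = date.fromisoformat(start_iso)
    names: set[str] = set()
    for offset in range(days):
        names.update(toy_dga((start + timedelta(days=offset)).isoformat(), count))
    return names

def flag_dga_lookups(log_lines: list[str], blocklist: set[str]) -> list[tuple[str, str]]:
    """Scan constructed DNS query log lines of the form
    '<timestamp> <client-ip> query <hostname>' and return the (client, hostname)
    pairs that resolve a name on the precomputed list."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) >= 4 and parts[2] == "query" and parts[3].lower() in blocklist:
            hits.append((parts[1], parts[3].lower()))
    return hits

if __name__ == "__main__":
    window = precompute_blocklist("2015-11-11", days=3)
    beacon = toy_dga("2015-11-11")[0]
    sample_log = [                                      # constructed sample log
        "2015-11-11T10:00:01 10.0.0.5 query www.example",
        f"2015-11-11T10:00:02 10.0.0.7 query {beacon}",
    ]
    for client, host in flag_dga_lookups(sample_log, window):
        print(f"possible DGA beacon from {client}: {host}")
```

Sinkholing the precomputed names also gives defenders an inventory of infected hosts, since every machine that later looks them up identifies itself.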

To this day, researchers aren’t sure what the purpose of the malware was. Remarkably, Conficker’s unknown operators were never observed using the worm to steal bank account credentials, passwords, or any other type of personal data from the PCs they infected. In 2009, Microsoft offered a $250,000 reward for information leading to the conviction of those responsible for the menace.

A report that police cameras are shipping with Conficker.B preinstalled is testament to the worm’s relentlessness. It’s also troubling because the cameras can be crucial in criminal trials. If an attorney can prove that a camera is infected with malware, it’s plausible that the vulnerability could be grounds for the video it generated to be thrown out of court, or at least to create reasonable doubt in the minds of jurors. Infected cameras can also infect and badly bog down the networks of police forces, some of which still use outdated computers and ineffective security measures.