Crooks use old-school Conficker virus to infect police body cams

Suggestions that police body cams have shipped with Conficker malware show how careful device manufacturers must be, especially given the growth in the Internet of Things.

Numerous Android smartphones from China have been found to ship with malware, but a Florida-based network integrator now says it has bought police body cams containing a virus.

Jarrett Pavao and Charles Auchinleck of the IT integrator iPower Technologies said they have discovered the infamous Conficker virus pre-installed on two Frontline police body cameras from Martel Electronics.

iPower, which is working on a cloud-based storage system for government agencies and police departments to store and search camera video, said it discovered the malware after testing two of the $499 body cams it had ordered. The malware infected PCs physically connected to the body cams.

iPower's Pavao said the malware finding was an important reminder that device manufacturers should maintain "stringent security protocols", particularly emerging IoT manufacturers.

"If products are being produced in offshore locations, what responsibilities lie with the manufacturer to guarantee our safety?" he asked.

"Ultimately, the public has to understand that pretty much any device we use today that connects to the internet or a computer, has the potential to be compromised."

Martel has sold its equipment to law enforcement agencies around the US for the past 20 years, according to its website.

Its Frontline cam is clipped to the chest of an officer's uniform and captures video, stills and location data that are recorded to an internal drive. From there, data can be transferred to a computer via a USB cable or wirelessly uploaded to a remote PC or server.

Conficker was a major concern a few years ago, mostly for Windows devices. It was thought to have taken advantage of a bug Microsoft patched in 2008 that allowed a remote compromise of a vulnerable machine over a local-area network.

A huge containment effort led by the Conficker Working Group sought to sinkhole the botnet and shut down a complex randomised domain-name scheme that kept its control system afloat.

As ZDNet noted at the time, even after this effort the malware could still propagate through spam and network shares.

The second method is what iPower appears to have discovered Conficker doing after the body cam was connected to a PC, which triggered a detection from its antivirus software.

It's not clear what operating system Martel's device is running on, but given that Conficker is a Windows virus, the body cam is probably delivering the threat to a PC rather than being compromised itself.

"In the iPower virtual lab environment, packet captures were also run on the infected PC to view the viruses' network activity using Wireshark," the company said.

"The virus, classified as a worm virus, immediately started to attempt to spread to other machines on the iPower lab network, and also attempted several phone home calls to internet sites."

iPower said it reported the issue to Martel last week on November 11 but has yet to receive an official acknowledgement of its report. It published its report on November 12.

ZDNet has asked Martel Electronics for its response to the report and will update the story if it receives an answer.
