A body camera marketed specifically for official police use has been found shipping with pre-installed malware known as the Conficker worm.
Jarrett Pavao, owner of iPower Technologies, discovered the malware and still hasn’t heard back from Martel Electronics of California, the maker of the Martel Frontline Camera. Last week Pavao purchased two of the $499 body cameras and was appalled at what he found upon plugging them in.
“We plugged the first one in, and our antivirus and firewall went nuts detecting Conficker,” Pavao said. “We thought it was a false positive, that there was no way a new camera would have this embedded in it. We submitted the sample to VirusTotal and it was run through 40 filters, all of them said it was Conficker. We said ‘This is crazy.’”
Pavao then decided to test the second camera on a virtual machine in a lab setting while running Wireshark, a network sniffer that lets you monitor what is going on on that specific network.
“Out of the box it started hitting other machines on our lab network, breaking into network shares, trying brute-force attacks,” Pavao explained. “It reached out to IPs in China and Brazil as well.”
Pavao recorded his findings alongside the full Wireshark rundown in hopes of getting in contact with the company. After reaching out via email and phone call, Pavao was assisted by a low-level support tech, but the manufacturer, which has been in business for over three decades, still did not believe Pavao.
“They said: ‘There’s no way this can happen,’” Pavao explained. “They didn’t think there was any software in the camera.”
Martel actually ships its software on a separate CD that allows body camera owners to transfer files between the camera and PC. Pavao tried explaining to the company that the problem stemmed from software embedded within the body camera itself.
“Martel claims they make all their cameras themselves,” Pavao said. “But I’ve got to guess it has something to do with the storage media in the cameras. They’re probably made somewhere with no quality control.”
This isn’t the first time we’ve seen pre-infected hardware shipped by manufacturers. It is entirely possible that the hardware was intercepted during shipment and infected in hopes of compromising a specific target, but given that the infection was Conficker, a seven-year-old piece of malware that has since been contained, this is likely not so sinister.
“Probably the storage medium in these things, wherever they’re sourcing parts from, was loaded with the virus for so long and now it’s in these cameras,” Pavao speculated.
Conficker debuted in 2008 and managed to shake security researchers on April Fools’ Day 2009 with a massive update that caused panic among many. As it turned out, the update was just a new configuration for its command-and-control infrastructure. Regardless, Conficker made its mark as an aggressive network-based malware that was primarily used to steal credentials, exploit Windows vulnerabilities and move through the network via shared network drives. Microsoft patched the vulnerability the Conficker worm was abusing years ago; however, for a long time afterward the malware continued to try to exploit unpatched systems.
“If products are being produced in offshore locations, what responsibilities lie with the manufacturer to guarantee our safety? Ultimately, the public has to understand that pretty much any device we use today that connects to the Internet or a computer, has the potential to be compromised,” Pavao wrote in his blog post published last week. “This discovery has a huge impact, as these devices are being shipped every day to our law enforcement agencies.”
Martel Electronics of California has remained completely silent on the topic, denying all media inquiries. We will keep you updated as the story unfolds.