iPower, a company behind a cloud storage service for government agencies, was surprised to discover a virus lurking in one of the body cameras used by policemen.
People are getting increasingly cautious about their rights to privacy, and to a certain extent they owe this to the known ever-pervasive government surveillance. In fact, in developed geographies, video surveillance systems are installed practically everywhere and can be used to track any person moving around a city, locating their point of departure, a subway station where they boarded the train, a station where they left the transit system, and where they headed next.
Recently another of Big Brother’s omnipresent eyes was featured on the policemen’s uniform – that time, with a good intention. In theory, this extra means of surveillance was designed to decrease the now worrisome rates of police violence, by documenting all of their actions. In practice, the access to videos recorded by the little police camera could be available to both the local authorities and cybercriminals.
Police body cams found pre-installed with notorious Conficker worm https://t.co/XXDBiVIfQB by @dangoodin001
— Ars Technica (@arstechnica) November 16, 2015
Pundits at iPower, unexpectedly discovered the issue as they were trying to identify the server to store the surveillance data. One of the devices supplying the video recordings to the service was a Martel body camera worn by an officer. Once this body camera was connected to a computer, the antivirus squeaked. As it turned to be, the wearable camera was infected by Win32.Conficker.B!inf.
Stunned by the discovery, the iPower experts started to investigate an uncovered a couple of fascinating things. First, the case was not unique: several Martel body cameras iPower managed to procure to run the test were compromised. Second, an updated PC with a fresh antivirus was instantly able to detect and quarantine the malware, but iPower did have PC running the long-end-of-life Windows XP without any antivirus protections. Having created such favorable environment for the malware, the researches started to watch what the virus was capable of.
More connected, less secure: how we probed #IoT for vulnerabilities https://t.co/f4Y6iXLG8U #internetofthings pic.twitter.com/ZwFbvGGW6G
— Kaspersky (@kaspersky) November 5, 2015
On installing the drivers, the PC sees the Martel camera as an ordinary detachable drive. Should it be opened with Windows Explorer, the PC is infected.
To observe the virus’ behavior and track network activity, the iPower employees used Wireshark. They found out that virus first maps the local network, bruteforces passwords to connected computers in order to infect them as well, and attempts to connect to the Internet with the same purpose. Besides, Win32.Conficker.B!inf deliberately blocks antivirus websites: on an attempt to visit an antivirus site a user would see a ‘Server unavailable’ message.
Many PC users must have already encountered Win32.Conficker.B!inf: it is the same autorun virus which might have caused you to disable the autorun function for good. It has no leverage on Windows 7 and higher; yet XP, Vista, Windows Server 2003 and 2008, along other operation systems, are susceptible to this malware which definitely feels at home there.
Who looks through Big Brother’s eyes
Tweet
There are certain mitigation approaches. The first and the foremost, Microsoft strongly discourages consumers from using unsupported systems. Should you be wary of this recommendation, the first thing you’d need to do is to install a robust antivirus solution. Any decent antivirus is able to detect the malware. Second, you should scan all detachable storage for viruses, and third, you should disable the autorun function.
iPower, in fact, did the right thing. The experts recorded a Discovery Channel-styled video depicting the virus’ behavior, which is available here:
But they went a bit far than just uploading a video onto YouTube and a file onto Virus Total, and wrote a blog to attract more attention to the issue. It’s quite understandable, given the IoT becomes more and more pervasive, and the majority of the devices are produced in China where anything can happen.
The conclusion here is that the responsibility for security of wearables should be expanded to include both OEMs and designers. Unfortunately, the problem of security remains woefully overlooked by all. For example, the iPower researchers contacted Martel in the first instance, but never succeeded to get in touch with the company.
Many would state that total surveillance can do us good in terms of, say, terrorist attack prevention. People even resort to arguing that the master key to any encryption protocol should be granted to the authorities.
Clavis Aurea, or Does the “Golden Key” actually solve #encryption issues? https://t.co/S2YayOnvms #netsec pic.twitter.com/I41GTw4FUK
— Kaspersky (@kaspersky) December 3, 2015
But who would assure that these ‘golden keys’, as well was the access to the video data from police’s body cameras, would not end up in the wrong hands?