Police Body Cams Come Pre-Installed With Malware

Screen Shot 2015-11-15 at 10.18.41 AM

Police Body Cameras Shipped with Pre-Installed Conficker Virus

Old Windows worm resurfaces in modern IoT devices

US-based iPower Technologies has discovered that body cameras sold by Martel Electronics come pre-infected with the Conficker worm (Win32/Conficker.B!inf).

The specific line of body cameras iPower tested is the same one sold to police forces around the US, used by street patrol officers and SWAT team members in their operations.

The model, Frontline Body Camera, is attached to an officer’s chest and works by recording their activities on video, their location using a GPS tracker, and taking regular snapshots as images.

The camera records data on an internal drive, from where the officer or their supervisors can download it onto a computer via a USB cable.

According to iPower’s account, this is where they spotted the infection.

The worm comes pre-installed on new Martel Frontline Body Camera models

The company’s IT team was evaluating a new batch of body cameras they had just received from Martel, and after unwrapping and connecting one to a computer, they were alerted by their security solution of the Conficker infection.

In terms of malware, Conficker is a dinosaur when compared to current threats. Most antivirus engines detect it today, and very few criminal groups use it because of this.

If they do, they usually deploy it to help infections propagate, Conficker being very apt to quickly spread on local networks and disable local protections.

Conficker is again dangerous thanks to IoT devices

While detection rate is high, Conficker can still be very useful, especially today, with the proliferation of more and more IoT (Internet of Things) devices.

Since almost no IoT device can run security products and they are usually programmed without paying too much attention to self-protection measures, Conficker can be as effective in 2015 as it was in 2008 and 2009.

While the worm is almost useless on PCs because of the built-in security updates included with Windows a long long time ago, modern Internet-connected equipment is ripe for the taking.

iPower has said that they contacted Martel, but they did not receive an answer before going public with their findings a day later.

Below is a proof-of-concept video recorded by iPower’s team.