{"id":10845,"date":"2015-12-16T09:00:55","date_gmt":"2015-12-16T14:00:55","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=10845"},"modified":"2017-09-24T08:11:13","modified_gmt":"2017-09-24T12:11:13","slug":"infected-body-camera","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/infected-body-camera\/10845\/","title":{"rendered":"Who looks through Big Brother&#8217;s eyes"},"content":{"rendered":"<p>iPower, a company behind a cloud storage service for government agencies, was <a href=\"http:\/\/www.goipower.com\/?pageid=40\" target=\"_blank\" rel=\"noopener nofollow\">surprised to discover<\/a> a virus lurking in one of the body cameras used by policemen.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2015\/12\/06023451\/big-brothers-eyes-FB.jpg\"><img decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2015\/12\/06023451\/big-brothers-eyes-FB.jpg\" alt=\"Who looks through Big Brother's eyes \" width=\"1280\" height=\"1280\" class=\"aligncenter size-full wp-image-10847\"><\/a><\/p>\n<p>People are getting increasingly cautious about their rights to privacy, and to a certain extent they owe this to the known ever-pervasive government surveillance. In fact, in developed geographies, video surveillance systems are installed practically everywhere and can be used to track any person moving around a city, locating their point of departure, a subway station where they boarded the train, a station where they left the transit system, and where they headed next.<\/p>\n<p>Recently another of Big Brother\u2019s omnipresent eyes was featured on the policemen\u2019s uniform \u2013 that time, with a good intention. In theory, this extra means of surveillance was designed to decrease the now worrisome rates of police violence, by documenting all of their actions. 
In practice, the videos recorded by the little police camera could be available to both the local authorities and cybercriminals.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Police body cams found pre-installed with notorious Conficker worm <a href=\"https:\/\/t.co\/XXDBiVIfQB\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/XXDBiVIfQB<\/a> by <a href=\"https:\/\/twitter.com\/dangoodin001?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@dangoodin001<\/a><\/p>\n<p>\u2014 Ars Technica (@arstechnica) <a href=\"https:\/\/twitter.com\/arstechnica\/status\/666320588089262085?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">November 16, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Pundits at iPower unexpectedly discovered the issue as they were trying to identify the server to store the surveillance data. One of the devices supplying the video recordings to the service was a Martel body camera worn by an officer. Once this body camera was connected to a computer, the antivirus squeaked. As it turned out, the wearable camera was infected by <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/entry.aspx?Name=Worm:Win32\/Conficker.B!inf\" target=\"_blank\" rel=\"noopener nofollow\">Win32.Conficker.B!inf<\/a>.<\/p>\n<p>Stunned by the discovery, the iPower experts started to investigate and uncovered a couple of fascinating things. First, the case was not unique: several Martel body cameras iPower managed to procure to run the test were compromised. Second, an updated PC with a fresh antivirus was instantly able to detect and quarantine the malware, but iPower also had a PC running the long-end-of-life Windows XP without any antivirus protection. 
Having created such a favorable environment for the malware, the researchers started to watch what the virus was capable of.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">More connected, less secure: how we probed <a href=\"https:\/\/twitter.com\/hashtag\/IoT?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#IoT<\/a> for vulnerabilities <a href=\"https:\/\/t.co\/f4Y6iXLG8U\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/f4Y6iXLG8U<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/internetofthings?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#internetofthings<\/a> <a href=\"https:\/\/t.co\/ZwFbvGGW6G\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/ZwFbvGGW6G<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/662276796310769664?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">November 5, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>On installing the drivers, the PC sees the Martel camera as an ordinary detachable drive. Should it be opened with Windows Explorer, the PC is infected.<\/p>\n<p>To observe the virus\u2019 behavior and track network activity, the iPower employees used Wireshark. They found out that the virus first maps the local network, brute-forces passwords to connected computers in order to infect them as well, and attempts to connect to the Internet with the same purpose. Besides, Win32.Conficker.B!inf deliberately blocks antivirus websites: on an attempt to visit an antivirus site, a user would see a \u2018Server unavailable\u2019 message.<\/p>\n<p>Many PC users must have already encountered Win32.Conficker.B!inf: it is the same autorun virus which might have caused you to disable the autorun function for good. 
It has no leverage on Windows 7 and higher; yet XP, Vista, Windows Server 2003 and 2008, along with <a href=\"https:\/\/technet.microsoft.com\/library\/security\/ms08-067\" target=\"_blank\" rel=\"noopener nofollow\">other operating systems<\/a>, are susceptible to this malware which definitely feels at home there.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>Who looks through Big Brother\u2019s eyes<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2Fdaj7&amp;text=+Who+looks+through+Big+Brother%26%238217%3Bs+eyes+\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>There are certain mitigation approaches. First and foremost, Microsoft strongly discourages consumers from using unsupported systems. Should you be wary of this recommendation, the first thing you\u2019d need to do is to install a robust antivirus solution. Any decent antivirus is able to detect the malware. Second, you should scan all detachable storage for viruses, and third, you should disable the autorun function.<\/p>\n<p>iPower, in fact, did the right thing. The experts recorded a Discovery Channel-styled video depicting the virus\u2019 behavior, which is available here:<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/o3YR4dGoAqE?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<p>But they went a bit further than just uploading a video onto YouTube and a file onto Virus Total, and wrote a blog to attract more attention to the issue. It\u2019s quite understandable, given that the IoT is becoming more and more pervasive, and the majority of the devices are produced in China where anything can happen. 
<\/p>\n<p>The conclusion here is that the responsibility for security of wearables should be expanded to include both OEMs and designers. Unfortunately, the problem of security remains woefully overlooked by all. For example, the iPower researchers contacted Martel in the first instance, but never succeeded in getting in touch with the company. <\/p>\n<p>Many would state that total surveillance can do us good in terms of, say, terrorist attack prevention. People even resort to arguing that <a href=\"https:\/\/www.kaspersky.com\/blog\/golden-key-encryption\/10725\/\" target=\"_blank\" rel=\"noopener nofollow\">the master key to any encryption protocol should be granted to the authorities<\/a>. <\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Clavis Aurea, or Does the \u201cGolden Key\u201d actually solve <a href=\"https:\/\/twitter.com\/hashtag\/encryption?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#encryption<\/a> issues? 
<a href=\"https:\/\/t.co\/S2YayOnvms\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/S2YayOnvms<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/netsec?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#netsec<\/a> <a href=\"https:\/\/t.co\/I41GTw4FUK\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/I41GTw4FUK<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/672435084893552640?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">December 3, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>But who would assure that these \u2018golden keys\u2019, as well as the access to the video data from police body cameras, would not end up in the wrong hands?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A system integrator discovered a virus lurking in a policeman\u2019s body camera<\/p>\n","protected":false},"author":40,"featured_media":10846,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2683],"tags":[1341,1339,36,772,422,1340],"class_list":{"0":"post-10845","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-body-cameras","10":"tag-conficker","11":"tag-malware-2","12":"tag-police","13":"tag-threats","14":"tag-worms"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/infected-body-camera\/10845\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/infected-body-camera\/6424\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/infected-body-camera\/6470\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/infected-body-camera\/7393\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/infected
-body-camera\/10123\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/infected-body-camera\/6615\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/infected-body-camera\/9852\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/infected-body-camera\/10123\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/infected-body-camera\/10845\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/infected-body-camera\/10845\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/body-cameras\/","name":"body cameras"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/10845","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=10845"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/10845\/revisions"}],"predecessor-version":[{"id":18849,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/10845\/revisions\/18849"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/10846"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=10845"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=10845"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=10845"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}