I saw in the intelligence and threat briefing the other day that police body cameras pre-infected with the dangerous Conficker worm had been discovered. Once these cameras were connected to a computer, the worm attempted to spread to other machines on the network and to communicate with a command and control system. Great! Lots of juicy, salable information on a police network to be harvested. How about offering to sell informants to the criminals they are informing on? Bet the bad guys would pay plenty! Or, if you become well entrenched in the network, how about starting an intelligence service? You could keep the bad guys well informed about what the police are up to. Bet the bad guys would pay plenty for that too!
This isn’t the first time something like this has happened by any means. Every now and again we hear stories about phones, networking switches, computers, mother boards and lots of other products that come pre-infected with some kind of Malware. Unfortunately, it seems that this is happening more and more often and shows no signs of slowing down.
The big reason behind this trend is that it works. How many of us ever even think that our new toys may not be safe? After all, they are brand new from the factory, and the boxes they are packed in have never been opened before. And it’s not just cyber-equipment that may be infected. Increasingly, just about everything we buy or use has a computer in it, and many of these products are made to run over a network as well.
So, say you buy a new smart TV and it has come complete with some kind of Malware installed. Chances are you have a wireless network in your home, and all the family’s computers, smart phones and other devices hook up to it. Even people that come to visit probably log onto your wireless network. You do home banking, write emails, chat, do all kinds of private things on this network. But, thanks to your new TV, all that is secret no more!
The point is, it’s time we start paying more attention to this attack vector and begin doing something about it. We should ensure that we have mechanisms in place to test new products before we hook them into our systems. We should also put regulations and processes in place to ensure that manufacturers test their products for computer bugs before they are allowed to ship them.