Hidden Virus Discovered in Martel Police Body Camera

November 12th, 2015

iPower Technologies, a Boca Raton based network integrator, discovered the following security vulnerability in the Martel Frontline Camera with GPS.  This product is sold and marketed as a body camera for official police department use.  iPower is currently working to develop a cloud based video storage system for government agencies and police departments to store and search camera video.

Here's a video of our discovery:


During testing and evaluation of the Martel Electronics product, Jarrett Pavao and Charles Auchinleck, discovered that multiple body cameras had been shipped to iPower preloaded with the Win32/Conficker.B!inf worm virus. 

When the camera was connected to a computer, iPower's antivirus software immediately caught the virus and quarantined it.  However, if the computer did not have antivirus actively protecting the computer it would automatically run and start propagating itself through the network and internet. iPower staff proceeded to test the virus in a virtual lab environment, and did confirm that the virus was not a false positive.  iPower uploaded the files to Virus Total, a web based application designed to test computer files for viruses and the site verified iPower's findings.

In the iPower virtual lab environment, packet captures were also run on the infected PC to view the viruses' network activity using Wireshark.  The virus, classified as a worm virus, immediately started to attempt to spread to other machines on the iPower lab network, and also attempted several phone home calls to internet sites.



iPower initiated a call and multiple emails to the camera manufacturer, Martel on November 11th 2015. Martel staff has yet to provide iPower with an official acknowledgement of the security vulnerability.  iPower President, Jarrett Pavao, decided to take the story public due to the huge security implications of these cameras being shipped to government agencies and police departments all over the country. President of iPower, Jarrett Pavao had this to say: 

"Working in IT everyday we are always exposed to the next great threat.  We read about it and see it everyday in the computer networks we are tasked to protect for our customer base.  That being said, as the Internet of Things continues to grow into every device we use in our businesses and home lives each day, it becomes even more important that manufactures have stringent security protocols.  If products are being produced in offshore locations, what responsibilities lie with the manufacturer to guarantee our safety?  Ultimately, the public has to understand that pretty much any device we use today that connects to the internet or a computer, has the potential to be compromised.  This discovery has a huge impact, as these devices are being shipped every day to our law enforcement agencies."

Below you will find details on the iPower findings:

Purchase Receipt from Martel Electronics.
MartelCameraOrder.pdf

Prevention
The problem we see in the field is that business units today are still working with antiquated technologies.  Many businesses still run Windows XP and use dated, traditional firewalls to protect their networks.  iPower Technologies is a Dell Premier Partner, and leverages Sonicwall Next Generation Firewalls to protect its customer base.  Sonicwall Next Generation firewalls have multiple security features including the ability to inspect encrypted traffic.  iPower also incorporates inspection technology on the LAN using Sonicwall Next Generation Firewalls.  Here is a design example of how to prevent a virus or worm like Conficker from spreading from a PC to your servers:




If you are interested in learning more about iPower Technologies and their security offerings, please contact us via email at [email protected] or call us today at 1-877-832-3181

Contact Us

Dell Microsoft Vmware Citrix Symantec Watch guard