D-Link, a Taiwanese networking company, has inadvertently posted the company's firmware code to its firmware source code.
A Norwegian developer known as bartvbl recently purchased a surveillance camera (the DCS-5020L) from the company, and while inspecting its firmware source code, he discovered four wrenches which the company signs the software it develops.
[Pullquote] Malware virtually invisible to any kind of anti-virus[/ pullquote]After many experiments with the keys, he managed to create a Windows application, which he signed with one of the four keys.
So the application seemed to come from D Link. The other three keys do not seem to be valid.
Η discovery του Νορβηγού προγραμματιστή επιβεβαιώθηκαν από εταιρεία ασφαλείας Fox-IT στην ολλανδική ιστοσελίδα technology Tweakers:
"The signature certificate is actually from a software package, firmware version 1.00b03, which was released on February 27 this year."
Meanwhile, the Taiwanese company has revoked this certificate and is starting to distribute new firmware versions that obviously do not contain a key to signing the code.
Let's say that if these keys had ended up in the hands of a malicious user, they would enable him to create and distribute malicious software that could pass as a formal application D-Link.
So it would be virtually invisible from any kind of anti-virus.