D-Link, a Taiwanese networking company, has inadvertently published the company's code-signing keys in its firmware source code.
A Norwegian developer known as bartvbl recently bought a camera surveillance system (the DCS-5020L) from the company, and while inspecting its firmware source code, he discovered four keys that the company uses to sign the software it develops.
After much experimentation with the keys, he managed to create a Windows application, which he signed with one of the four keys.
The application therefore appeared to come from D-Link. The other three keys do not seem to be valid.
The Norwegian developer's discovery was confirmed by security firm Fox-IT on the Dutch technology website Tweakers:
"The signing certificate is indeed from a software package, with firmware version 1.00b03, which was released on February 27 of this year."
Meanwhile, the Taiwanese company has revoked this certificate and is starting to distribute new firmware versions that obviously do not contain a code-signing key.
If these keys had ended up in the hands of a malicious user, they would have enabled him to create and distribute malicious software that could pass as an official D-Link application.
It would therefore be virtually invisible to any kind of anti-virus.
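A pre-release check for this class of mistake, as an added example (not code from D-Link or from the original article): it walks a source tree before publication and flags files that look like private-key material. The function names, the extension list and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# PEM armour of private keys (PKCS#1, PKCS#8, EC, encrypted, OpenSSH).
PEM_PRIVATE = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")
# Extensions that often hold key containers (illustrative list, an assumption).
KEY_EXTENSIONS = {".pfx", ".p12", ".pvk", ".key", ".jks", ".snk"}
# Constructed sample release tree: placeholder bytes, no real key material.
SAMPLES = {
    "certs/vendor.pem": b"-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n",
    "tools/sign/codesign.bin": b"\x30\x82\x09\x00\x02\x01\x03" + b"\x00" * 16,
    "tools/sign/old.pem": b"-----BEGIN RSA PRIVATE KEY-----\nAAAA\n",
    "tools/sign/backup.pvk": b"\x00" * 16,
}

def looks_like_pkcs12(data):
    """Heuristic: a PFX is an ASN.1 SEQUENCE whose first element is INTEGER 3."""
    if len(data) < 8 or data[0] != 0x30:
        return False
    # Skip the length field: one byte, plus extra bytes in long form.
    offset = 2 + (data[1] & 0x7F if data[1] & 0x80 else 0)
    return data[offset:offset + 3] == b"\x02\x01\x03"

def scan_release_tree(root):
    """Return sorted (relative path, reason) pairs for suspected key material."""
    findings = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        with path.open("rb") as fh:
            data = fh.read(1 << 20)  # cap the read at 1 MiB per file
        if PEM_PRIVATE.search(data):
            reason = "PEM private key block"
        elif looks_like_pkcs12(data):
            reason = "PKCS#12 container"
        elif path.suffix.lower() in KEY_EXTENSIONS:
            reason = "key-file extension"
        else:
            continue
        findings.append((path.relative_to(root).as_posix(), reason))
    return sorted(findings)

def write_samples(root):
    for rel, content in SAMPLES.items():
        Path(root, rel).parent.mkdir(parents=True, exist_ok=True)
        Path(root, rel).write_bytes(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_samples(tmp)
        print(scan_release_tree(tmp))
```

The public certificate in the sample tree is not flagged; only the three files carrying or suggesting private-key material are reported, so a non-empty result can fail the release job.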