D-Link: Inadvertently revealed the signing certificates for its code

D-Link, a Taiwanese networking equipment company, accidentally published the keys with which it signs its software inside its published source code.

A Norwegian developer known as bartvbl recently bought a surveillance camera (DCS-5020L) from the company, and while inspecting its firmware source code, he discovered four keys with which the company signs the software it develops.

After many experiments with the keys, he managed to create a Windows application, which he signed with one of the four keys.

So the application appeared to come from D-Link. The other three keys do not seem to be valid.

The Norwegian developer's discovery was confirmed by security firm Fox-IT on the Dutch technology website Tweakers:

"The signing certificate is indeed from a software package, with firmware 1.00b03, which was released on February 27 of the current year."

Meanwhile, the Taiwanese company has revoked this certificate and is starting to distribute new firmware versions that obviously do not contain any code-signing key.

Note that if these keys had ended up in the hands of some user, they would have enabled him to create and distribute malware that could pass as an official D-Link application.

It would therefore be virtually invisible to any kind of antivirus.
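
A release gate that would catch this kind of leak, as an added example that is not part of the original article or any D-Link tooling: it scans a source archive for private-key material before the archive is published. The tar format, the extension list and the sample file names are assumptions, and the sample archive is constructed.

```python
import io
import re
import tarfile

# PEM armor for private keys (PKCS#1, PKCS#8, EC, OpenSSH, encrypted variants).
PEM_PRIVATE = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")
# Binary key containers flagged by extension alone (assumed list).
KEY_EXTENSIONS = (".pfx", ".p12", ".pvk", ".jks")


def scan_release_archive(fileobj):
    """Return sorted (member_name, reason) findings for a tar archive."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as archive:
        for member in archive:
            if not member.isfile():
                continue
            if member.name.lower().endswith(KEY_EXTENSIONS):
                findings.append((member.name, "key container file"))
                continue
            data = archive.extractfile(member).read()
            if PEM_PRIVATE.search(data):
                findings.append((member.name, "PEM private key block"))
    return sorted(findings)


def build_sample_archive():
    """Constructed sample: a tiny source tree with two planted secrets."""
    files = {
        "src/main.c": b"int main(void) { return 0; }\n",
        "tools/sign/vendor.pfx": b"constructed-not-a-real-container",
        "tools/sign/key.pem": b"-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n"
                              b"-----END RSA PRIVATE KEY-----\n",
        # Public certificates are expected in a release and must not be flagged.
        "certs/public.pem": b"-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n"
                            b"-----END CERTIFICATE-----\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as archive:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            archive.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, reason in scan_release_archive(build_sample_archive()):
        print(f"BLOCK RELEASE: {name}: {reason}")
```

Any finding should stop the release until the file is removed and the affected key is treated as exposed.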

Written by Dimitris
