D-Link, a Taiwanese company networking equipment, accidentally published the code that the company signs its software, in its source code firmware.
A Norwegian developer known as bartvbl recently bought a surveillance camera (DCS-5020L) from the company, and while inspecting his firmware source code, he discovered four keys that the company signed the software he is developing.
[Pullquote] Malware virtually invisible from any kind of anti-virus[/ pullquote]After many experiments with the keys, he managed to create a Windows application, which he signed with one of the four keys.
So the application seemed to come from D Link. The other three keys do not seem to be valid.
Η discovery του Νορβηγού προγραμματιστή επιβεβαιώθηκαν από εταιρεία security Fox-IT στην ολλανδική ιστοσελίδα technologyς Tweakers:
"Το πιστοποιητικό υπογραφής είναι πράγματι από ένα πακέτο λογισμικού, με έκδοση firmware 1.00b03, το οποίο κυκλοφόρησε την 27η Φεβρουαρίου του τρέχοντος έτους."
Meanwhile, the Taiwanese company has revoked this certificate and is starting to distribute new firmware versions that obviously do not contain a key to signing the code.
Let's say that if these keys had ended up in the hands of a malicious user, they would enable him to create and distribute malicious software that could pass as a formal application D-Link.
So it would be virtually invisible from any kind of anti-virus.
