Leaked D-Link code-signing key could make malware look legit

Leaked D-Link code-signing key could make malware look legit

blogger-avatarby Sean Buckley | @seaniccus | 6 Hours Ago
http://www.engadget.com/2015/09/18/leaked-d-link-code-signing-key-could-make-malware-look-legit/

When your company is known for making wireless routers, network switches and home security cameras, leaking your code-signing private keys yourself is the last thing you want to do. Back in February, that’s exactly what D-Link did, accidentally leaving a valid key visible in its open-source firmware. If found by an attacker, the key could have been used to make malware that can pass as official software from D-Link — malware that wouldn’t trigger security warnings when installed to Windows or OS X machines.

That’s bad, but luckily would-be attackers would have had to stumble across the key weeks ago — the leaked certificate expired earlier this month. Still, that means software created using the key between February and September is still valid. D-Link says it’s issuing more firmware updates in the near future to address the issue

Leave a Reply