Traffic and speed cameras in the state of Victoria, Australia were infected by the WannaCry ransomware attack that hit hundreds of thousands of computer networks around the world last month.
According to local radio station 3AW, the cameras found on highways and intersections—operated by Redflex Traffic Systems—were infected after a maintenance worker inserted a WannaCry-infected USB drive into the devices earlier this month.
The explanation seems possible as it’s unlikely the cameras could have been infected without the malicious attack being brought to them; the cameras themselves are not directly connected to the internet.
The Victoria Justice and Regulation Department said the cameras have continued to operate normally despite the infection, save for the occasional reboot. The Department also insisted those who receive tickets for speeding or other traffic offenses after being caught by the cameras won’t be able to argue the malware infection compromised the cameras.
A spokesperson from the department told AW3 that steps have been taken to fix the security flaws in the cameras.
“A system patch has been applied, which prevents the spread of the virus,” the spokesperson said. “The Department is in the process of removing the virus from the affected cameras. The remaining sites will be rectified in the next couple of days.”
WannaCry began its spread last month, infecting hundreds of thousands of computer systems around the world in a matter of just days. The attack hit networks belonging to major corporations as well as hospitals and other organizations.
Earlier this week, Honda was forced to temporarily shut down one of its car manufacturing plants after it learned its computer networks were hit by WannaCry, showing that while the initial spread of the virus may have passed, it is still a threat to machines that have not been patched.
The attack made use of a Windows exploit first discovered by the U.S. National Security Agency. That exploit was stolen by a group of hackers known as the Shadow Brokers and made public. While the NSA tipped off Microsoft to the vulnerability and the company published a fix, most systems were not updated in time to protect against the attack.
The temporary closing of Honda’s plant is just the latest effect of the ransomware attack, and is evidence residual attacks are still happening even though the attack is largely over. It is believed similar attacks using other NSA exploits have also been launched and may put computer systems at risk.
While the vast majority of infected devices were Windows machines, ancillary devices like the traffic cameras in Australia have also been hit. Medical devices were found to be vulnerable to attack, with devices that perform CT, MRI and PET scans believed to be at risk of infection.