Surveillance cameras sold on Amazon infected with malware
April 12, 2016
Shah Sheikh (1294 articles)
Share

Surveillance cameras sold on Amazon infected with malware

Security researcher Mike Olsen has warned that some products sold through the Amazon marketplace are habouring a dark secret — malware.

Olsen said in a blog post that while scouring Amazon for a decent set of outdoor surveillance cameras for a friend, he came across a deal for 6 PoE cameras and recording equipment.

screen-shot-2016-04-11-at-08-34-08.jpg

The seller, Urban Security Group, had generally good reviews and was offering a particular Sony setup on sale.

After purchasing the kit, Olsen started setting up the surveillance system, logging into the administrator panel to configure it.

While the page hosted the camera feed, no “normal controls or settings were available,” according to the researcher.

“Being one of those guys who assumes bad CSS, I went ahead and opened up developer tools,” Olsen said.

“Maybe a bad style was hiding the options I needed. Instead what I found tucked at the bottom of the body tag was an iframe linking to a very strange looking host name.”

Further investigation revealed the host name, Brenz.pl, is linked to malware distribution.

According to cybersecurity firm Securi, Brenz was first spotted distributing malware back in 2009 before being shut down, but reemerged in 2011. Compromised domains link to the address through malicious iFrames for the purpose of distributing malware hosted on the website.

screen-shot-2016-04-11-at-10-15-14.jpg

VirusTotal recognizes the web domain as a malicious source and scans reveal that Trojans and viruses may be hosted by Brenz.pl.

If the device’s firmware links to this domain, malware can be downloaded and installed, potentially leading to unlawful surveillance and data theft.

The problem was also recently brought upin a forum post on the SC10IP firmware, which is used in commercial products and also links to Brenz.pl.

Threats do not just come from dodgy social media links, phishing campaigns or social engineering — firmware can host malware, too.

The take-home from this is that any device, especially when it contains networking or Internet capabilities, can harbour threats to personal safety and data security, and while the average person is unlikely to do a full-scale code search, checking reviews and alerts for such products online is worthwhile — even if the platform is trusted.

“Amazon stuff can contain malware,” Olsen said.

ZDNet has reached out to Urban Security Group and will update if we hear back.

Source | ZDNET