Long Island Shooters Forum banner

Surveillance cameras sold on Amazon infected with malware

2K views 7 replies 8 participants last post by  warmnfuzzyar 
#1 · (Edited by Moderator)
Surveillance cameras sold on Amazon infected with malware
http://www.zdnet.com...d-with-malware/

A security researcher has discovered malicious code embedded within cameras offered for sale on the e-commerce platform.

By Charlie Osborne for Zero Day April 11, 2016 -- 09:53 GMT (02:53 PDT)

Security researcher Mike Olsen has warned that some products sold through the Amazon marketplace are haboring a dark secret -- malware.

Olsen said in a blog post that while scouring Amazon for a decent set of outdoor surveillance cameras for a friend, he came across a deal for 6 PoE cameras and recording equipment

The seller, Urban Security Group, had generally good reviews and was offering a particular Sony setup on sale.

After purchasing the kit, Olsen started setting up the surveillance system, logging into the administrator panel to configure it.

While the page hosted the camera feed, no "normal controls or settings were available," according to the researcher.

"Being one of those guys who assumes bad CSS, I went ahead and opened up developer tools," Olsen said.

"Maybe a bad style was hiding the options I needed. Instead what I found tucked at the bottom of the body tag was an iframe linking to a very strange looking host name."

Further investigation revealed the host name, Brenz.pl, is linked to malware distribution.

According to cybersecurity firm Securi, Brenz was first spotted distributing malware back in 2009 before being shut down, but reemerged in 2011. Compromised domains link to the address through malicious iFrames for the purpose of distributing malware hosted on the website.

VirusTotal recognizes the web domain as a malicious source and scans reveal that Trojans and viruses may be hosted by Brenz.pl.

If the device's firmware links to this domain, malware can be downloaded and installed, potentially leading to unlawful surveillance and data theft.

The problem was also recently brought up in a forum post on the SC10IP firmware, which is used in commercial products and also links to Brenz.pl.

Threats do not just come from dodgy social media links, phishing campaigns or social engineering -- firmware can host malware, too.

The take-home from this is that any device, especially when it contains networking or Internet capabilities, can harbour threats to personal safety and data security, and while the average person is unlikely to do a full-scale code search, checking reviews and alerts for such products online is worthwhile -- even if the platform is trusted.

"Amazon stuff can contain malware," Olsen said.

ZDNet has reached out to Urban Security Group and will update if we hear back
 
See less See more
#2 ·
... any device, especially when it contains networking or Internet capabilities, can harbour threats to personal safety and data security, and while the average person is unlikely to do a full-scale code search, checking reviews and alerts for such products online is worthwhile -- even if the platform is trusted.
Indeed.

Good article, thx for sharing.
 
#6 ·
Shocked! I am shocked by this!

Ok sacsasm off now.

I have been in the Physics and IT field now for 16yrs and I am convinced more and more everyday that technology is the worst thing you can have in you house and your life.

We as a society have given away all the things we used to hold so dear all for the sake of convenience. I am just as much to blame as the next guy (as I type this in my smart phone).
 
#7 ·
We as a society have given away all the things we used to hold so dear all for the sake of convenience. I am just as much to blame as the next guy (as I type this in my smart phone).
For decades I kept a low real life internet profile. I avoided setting up a facebook account. then I did another yearly free search for my real name to see what data is out there. More than I care for there to be. If I gave up the $19.99 I could get where I bank and my SS#...... I gave in. Got me a smart phone and a facebook account. Where I am, what I buy is now the property of google.
 
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top