starbuck Posted April 11, 2016 Posted April 11, 2016 A security researcher has discovered malicious code embedded within cameras offered for sale on the e-commerce platform. Security researcher Mike Olsen has warned that some products sold through the Amazon marketplace are habouring a dark secret -- malware. Olsen said in a blog post that while scouring Amazon for a decent set of outdoor surveillance cameras for a friend, he came across a deal for 6 PoE cameras and recording equipment. The seller, Urban Security Group, had generally good reviews and was offering a particular Sony setup on sale. After purchasing the kit, Olsen started setting up the surveillance system, logging into the administrator panel to configure it. While the page hosted the camera feed, no "normal controls or settings were available," according to the researcher. "Being one of those guys who assumes bad CSS, I went ahead and opened up developer tools," Olsen said. "Maybe a bad style was hiding the options I needed. Instead what I found tucked at the bottom of the body tag was an iframe linking to a very strange looking host name." Further investigation revealed the host name, Brenz.pl, is linked to malware distribution. According to cybersecurity firm Securi, Brenz was first spotted distributing malware back in 2009 before being shut down, but reemerged in 2011. Compromised domains link to the address through malicious iFrames for the purpose of distributing malware hosted on the website. VirusTotal recognizes the web domain as a malicious source and scans reveal that Trojans and viruses may be hosted by Brenz.pl. If the device's firmware links to this domain, malware can be downloaded and installed, potentially leading to unlawful surveillance and data theft. The problem was also recently brought up in a forum post on the SC10IP firmware, which is used in commercial products and also links to Brenz.pl. Threats do not just come from dodgy social media links, phishing campaigns or social engineering -- firmware can host malware, too. The take-home from this is that any device, especially when it contains networking or Internet capabilities, can harbour threats to personal safety and data security, and while the average person is unlikely to do a full-scale code search, checking reviews and alerts for such products online is worthwhile -- even if the platform is trusted. "Amazon stuff can contain malware," Olsen said. Source: http://www.zdnet.com/article/amazon-surveillance-cameras-infected-with-malware/#ftag=RSSbaffb68 Quote
FPCH Admin allheart55 Cindy E Posted April 11, 2016 FPCH Admin Posted April 11, 2016 :wow: Unbelievable. Quote ~I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.~ ~~Robert McCloskey~~
DSTM Posted April 11, 2016 Posted April 11, 2016 That is scary. Quote Roses are red, violets are blue, I'm Schizophrenic, and so am I Free Photo Restoration and Repair for all Forum members - CLICK HERE Please pop back and let us know if your Computer problem has been solved.
FPCH Admin AWS Posted April 11, 2016 FPCH Admin Posted April 11, 2016 I am in the process of buying security cameras for our new location. I have to watch what I'm buying. Quote Off Topic Forum - Unlike the Rest
Digerati Posted April 12, 2016 Posted April 12, 2016 Hmmm, the Amazon link above (and in the original blog) to the Sony PoE camera no longer works. I have to say, I don't think it is fair to say, "cameras sold on Amazon...". There is no reason to suspect this problem only affects cameras sold by Amazon. I would be more inclined to say, "some Sony surveillance cameras...". Quote Bill (AFE7Ret) Freedom is NOT Free! Windows and Devices for IT, 2007 - 2018 Heat is the bane of all electronics! ────────────────────────
Recommended Posts