A security researcher has found malicious code in CCTV cameras which are available on the ecommerce giant, Amazon.
Beware ! CCTV Camera’s Sold on Amazon Infected With Malware
Security Researcher, Mike Olsen alerted that some products offered via Amazon Shopping Site are infected with “dark secret” malware.
In a blog post, Olsen said that he needed to buy outdoor surveillance cameras for his friend, and he opted to purchase them from Amazon and found deal for 6 PoE cameras and recording equipment.
The seller of the this CCTV camera, Urban Security Group had good user reviews and was offering Sony Setup, but now it is not available due to the backlash from the users.
When Olsen received the surveillance kit, he started configuring it by logging into the administrator panel. Ohio said that while the page displayed the camera feed, no “normal controls or settings were available,”.
He further said “Being one of those guys who assumes bad CSS, I went ahead and opened up developer tools,”.
“Maybe a bad style was hiding the options I needed. Instead what I found tucked at the bottom of the body tag was an iframe linking to a very strange looking host name.”
The investigation disclosed the host name as Brenz.pl which is related to malware distribution.
The Brenz.pl was first discovered spreading malware in 2009 before being closed down, however it again emerged in 2011.
“Compromised domains link to the address through malicious iFrames for the purpose of distributing malware hosted on the website” states ZDNet.
If the devices firmware links to this domain, there is possibility of malware of getting downloaded and installed which can result in illegal surveillance and data theft.
The malware which is being circulated by surveillance camera have the ability to confiscate video feeds. However it is not known that how the surveillance kits became infected, Olsen said that the device wasn’t delivered directly from China where the products are manufactured.
Amazon is number one shopping destination of the world, and still the malware hit device was sold on it. So, you must take preventive measures like checking the authenticity of the product, reviews and all that before finalising your purchase.
