Slashdot Mirror

← Back to Stories (view on slashdot.org)

Surveillance Cameras Sold On Amazon Found Infected With Malware (zdnet.com)

Posted by msmash on from the why-is-the-red-light-still-on? dept.

An anonymous reader shares a report on ZDNet: Security researcher Mike Olsen has warned that some products sold through the Amazon marketplace are harboring a dark secret -- malware. Olsen said in a blog post that while scouring Amazon for a decent set of outdoor surveillance cameras for a friend, he came across a deal for 6 PoE cameras and recording equipment. The seller, Urban Security Group, had generally good reviews and was offering a particular Sony setup on sale. After purchasing the kit, Olsen started setting up the surveillance system, logging into the administrator panel to configure it. [...] Upon investigation, Olsen found that the device was talking to a server with hostname Brenz.pl, which is linked to malware distribution. If the device's firmware links to this domain, malware can be downloaded and installed, potentially leading to unlawful surveillance and data theft.Perhaps the company which made the device didn't realize its source code was compromised. While the aforementioned incident should serve as a reminder to people on why they need to be wary of the product they are purchasing, this isolated occurrence doesn't prove in any way that "plenty" of cameras on Amazon are also infected, as the article and the original blog post are subtly trying to imply.

6 of 78 comments (clear)

  1. Re:Reasons why I don't like the Internet of Things by U2xhc2hkb3QgU3Vja3M · · Score: 4, Funny

    1) Internet of Things devices could do things I don't want them to.

    FTFY.

  2. What? by Chmarr · · Score: 3, Insightful

    An editorial comment that actually LESSENS the alarmism in the submission, rather than adding to it?

    This is... nearly unheard of on slashdot! What is happening???

  3. Re:made in china by U2xhc2hkb3QgU3Vja3M · · Score: 4, Insightful

    If the CPU, flash/etc ICs are made in China then you can't trust made-in-not-China devices either.

  4. Re:Reasons why I don't like the Internet of Things by toonces33 · · Score: 3, Funny

    But what about the Internet of Thongs?

    I guess that already exists - I bet all you need to do is search for it.

  5. Re:made in china by LWATCDR · · Score: 3, Informative

    On MCUs you often have fuses that you can blow to prevents jtag. BTW that is a bear to test because you end up with at least a few bricked devices. If you are doing large numbers of devices you can often have the MCU maker provide the chips to your manufacture with the bootloader installed and the fuses blown.
    The downside to locking the bootloader like that is that the device is no longer hackable by the end user.

    --
    See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
  6. Network separation? by Nethead · · Score: 4, Insightful

    Why would you actually hook these up to a network that has Internet access? Of course you make a separate VLAN or network for your "security" devices and other monitoring, ^H^H^H^H^H IoT devices that can only talk to preapproved connections. That is what a firewall is for.

    --
    -- I have a private email server in my basement.