Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Malware Found in IoT Cameras Sold by Amazon

Time was when you could trust big names. Not any more – in fact ‘big names’ are increasingly targeted by the bad guys simply because we do tend to trust them. Amazon is just the latest.

Time was when you could trust big names. Not any more – in fact ‘big names’ are increasingly targeted by the bad guys simply because we do tend to trust them. Amazon is just the latest.

Mike Olsen, co-founder of Proctorio warned Saturday that a set of security cameras he had purchased from Amazon had been infected with malware. Connecting them to a friend’s computer he didn’t quite find what he expected – they were working, but not in the way he expected. 

He thought it was a bug and used developer tools to look at the code. What he found, however, was not a simple bug, an iframe linking to a website that aroused suspicions: brenz_pl/rc/.

Malware Found on IoT Camera“At this point I went ahead and googled the domain, and guess what came up?” he wrote in his blog post. As long ago as March 2011, David Dede wrote on the Sucuri blog, ‘Brenz.pl is Back With Malicious iFrames’.

Olsen offers no suggestion that either Amazon or the supplier (Urban Security Group) are at fault in this. The cameras are Sony cameras. What it tells us, however, is that we can no longer trust a good reputation.

“Users,” confirmed Morten Kjaersgaard, CEO at Heimdal Security, “need to be aware that malware can be present in any form of device they buy.

“At the moment, fast moving consumer electronics are especially exposed. But we also saw this with Lenovo laptops and malware which was pre-installed. Cybercriminals will try to use trusted channels to get access to what they want.”

For cameras, the threat will be that installed malware could steal the data feed, while external control would mean that the property, thought to be secured, is actually made very vulnerable. Other devices could be more serious, more costly and even life-threatening.

Overall, it is an indication of the threats we must expect to increase with the internet of things. David Harley, ESET Senior Research Fellow, told SecurityWeek that while such occurrences are “very much the exception rather than the rule right now, as more and more things become connected (often unnecessarily) by vendors who haven’t really thought about the potential for security breaches via otherwise innocuous objects, it would be naïve to think that we won’t see deliberate attempts to exploit known vulnerabilities. There are already plenty of ‘Proofs of Concept’ around. Some devices may not be high-value in themselves, but usable to get to more ‘interesting’ objects.”

Advertisement. Scroll to continue reading.

As an example of how easy it could be to compromise IoT devices in the modern world, Olsen told SecurityWeek, “With Amazon’s Fulfillment Service you can certainly buy these devices, load them with infected firmware and then have Amazon stock and ship them under their name/brand. Obviously Amazon isn’t scanning these devices for infections, most of them stay ‘new’ in the packaging. This could be as unsophisticated as the camera hack I found, all the way to a device with a firmware that allows remote access. People are using these things to control components in their homes, if the firmware allowed eavesdropping or remote control the possibilities are endless.”

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cyberwarfare

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.