Tuesday, April 12, 2016
As if there weren't enough issues already regarding the potential bad configuration of surveillance cameras that might let the entire world see what's happening in your home (or office), now there's a chance you might be getting a surveillance system with malware already included in it.
This awkward situation happened when a security researcher bought a 6 camera surveillance kit on Amazon, from a reputable seller. When trying to configure it, via browser, he found some issues, prompting him to take a closer look. And instead of a simple error, what he found was far more worrying.
At the end of the web page served by the surveillance system was a simple line that included content from a suspicious looking site called "brenz.pl". After a quick search, he found this domain to be connected to malware distribution, leaving no margin for error.
Now, the fact that Urban Security Group is a reputable seller (so far) means they probably had no idea this system was infected, and there was a previous report by another user that detected this malware being installed via an infected update file. So, it's possible user might be infecting their systems as they try to update it.
In any case, it's increasingly hard to know who or what to trust. Soon, we'll need to make digital security a necessary class for kids, as I suspect we'll all need to be able to detect and debug what our internet connected devices are doing... just to make sure they're doing just what they're supposed to do.