Olsen said that he was searching for “a simple set of good outdoor surveillance cameras” for a friend, when he found what he thought was a good deal for 6 Sony Chip HD PoE cameras and recording equipment. The seller, Urban Security Group, had mostly good reviews, so Olsen made the purchase. After purchasing the kit, Olsen started setting up the surveillance system, logging into the administrator panel to configure it. When trying to set up the camera kit, Olsen said that “something seemed a bit off.” According to the researcher, while the page hosted the camera feed, no “normal controls or settings were available.” Olsen considered that a bad style could be hiding these controls and opened up developer tools, only to discover “an iframe linking to a very strange looking hostname.” He googled the name and found that the host name, Brenz.pl, is linked to malware distribution. Further investigation revealed the host name, Brenz.pl, is linked to malware distribution. This is not the first time Brenz has been found spreading malware. According to cybersecurity firm Sucuri, it was first spotted distributing malware in 2009, before being shut down. However, Brenz did not stay down; the host re-emerged in 2011. Compromised domains link to the address through malicious iFrames for the purpose of distributing malware hosted on the website. VirusTotal recognizes the web domain as a malicious source and scans disclose that Brenz.pl may be hosting Trojans and viruses. If the device’s firmware links to this domain, malware can be downloaded and installed, possibly leading to unlawful surveillance and data theft. The problem was also recently brought up in a forum post on the SC10IP firmware, which is used in commercial products and also links to Brenz.pl. It’s unclear how the kits became infected but Olsen pointed out that the device wasn’t delivered directly from China where the product is supposedly made. Any device, especially when it contains networking or Internet capabilities, can pose danger to personal safety and data security, and while the average person is unlikely to do a full-scale code search, checking reviews and alerts for such products online is worthwhile even if the platform is trusted. Last month, a Whirlpool enthusiast cautioned users in a forum that they came across a version of the camera’s firmware which had malware embedded in the HTML pages.
