The Urban Security Group's (USG) Sony Chip HD 6 Camera 1080P PoE IP CCTV surveillance camera kit, sold on Amazon, contains malware in the firmware of its security cameras, a Proctorio security researcher, Mike Olsen, has claimed.
Olsen said the firmware contains malicious iframes that redirect users to Brenz[dot]pl, a site that has been linked to malware distribution, according to an 9 April blog post.
The malicious site was shut down in 2009. However, in 2011 researchers at Sucuri spotted several sites being infected with iframes pointing to the malicious domain.
Olsen told SCMagazine.com via emailed comments although the website currently isn't spreading infections, it looked as though the threat actors could activate it at any point.
He discovered the kit contained malware while probing the system after its interface didn't show any of the normal controls or settings that were available but Olsen wasn't the first to notice a problem with the kit.
Last month, a Whirlpool enthusiast cautioned users in a forum that they came across a version of the camera's firmware which had malware embedded in the HTML pages.
After finding the malware, Olsen said he contacted Amazon who subsequently told him they would contact USG, however as of now neither vendor has taken action yet. The surveillance kit is still available for sale on Amazon.
It's unclear how the kits became infected but Olsen pointed out that the device wasn't delivered directly from China where the product is supposedly made.
Olsen said USG is denying the existence of the malware but nevertheless is offering a solution to "fix" the problem.
SCMagazine.com attempted to contact Amazon, Sony, and USG but has yet to receive comment.