Extras in the Firmware of Webcam USG Sony Chip HD 6 Camera 1080P PoE sold by Amazon

Security researcher Mike Olsen found malware in the firmware of a webcam set sold by Amazon. When he logged into the administration page of the webcam after installation some controls were missing.

Olsen thought at first that the reason was faulty CSS-code but instead discovered an iframe which pointed to a site known for distributing malware. His observation was corroborated by an older forum post according to which each HTML-page of the firmware contained that iframe. Additionally the telnet daemon had been deactivated, probably to avoid detection the forum poster speculated who also prepared a comparative picture (see below). The webcam set is not available anymore on Amazon.

 

Links Firmware mit, rechts ohne den iFrame

 

NB: This article is a translation of the original German article published 12 April 2016.