September 5, 2013
FTC Brings Hammer Down On Trendnet Over Flawed Security Cameras
Michael Harper for redOrbit.com - Your Universe Online
Last January, videos began to pop up online that were taken from what were supposed to be secure webcams. The cameras, made by Trendnet, were found to have a serious glitch, which made them quite susceptible to hacking and, following the leaks of these videos, a complaint was made to the Federal Trade Commission (FTC).
A settlement has been reached between the FTC and Trendnet, forcing the company to alert customers about potential security threats and conduct its own audits. In a press statement from the FTC regarding this decision, the commission says though Trendnet had been marketing its products as “secure,” complaints about leaked video began coming in in April, 2010. The issue came to a head when live videos of children sleeping were posted online.
This decision also marks the first case against a home electronics maker, though it likely won’t be the last.
As more items in the home become technologically advanced, they inevitably wind up connected to the web. This has created what many are now referring to as “The Internet of Things,” or the inter-connectivity of many devices. According to FTC chairperson Edith Ramirez, the FTC has a role to play as the Internet of Things moves into people’s homes.
“The Internet of Things holds great promise for innovative consumer products and services. But consumer privacy and security must remain a priority as companies develop more devices that connect to the Internet,” explained Ramirez in a statement.
The FTC says Trendnet is prohibited from misrepresenting the “security of its cameras or the security, privacy, confidentiality, or integrity of the information that its cameras or other devices transmit.” Trendnet is also prohibited from misrepresenting what a consumer can and cannot control with their camera. The FTC is requiring Trendnet to start finding any potential security flaws and address them quickly in its own audits.
Trendnet “SecurView” webcams were marketed as a security solution, a way to keep an eye on one’s house and possessions while away from home. Customers also used the web-connected cameras as baby monitors to watch their children when they were out. The videos could then be seen by the customer (and supposedly only the customer) online. Last year a hacker discovered a way to break into the code of the webcams and watch upwards of 700 live streams. These videos of the inside of homes and bedrooms were shared online on forums such as the popular 4Chan site. What’s more, the hacker also presented details explaining how others could access even more live streams.
According to a hacker blog known as ConsoleCowboy, hacking into these cameras was frighteningly easy. To watch the videos one only needed to enter in the user’s IP address and an identical series of 15 numbers.
“[A]fter setting up users with passwords the camera is more than happy to let me view its video stream by making our previous request,” read the blog post. “There does not appear to be a way to disable access to the video stream, I can´t really believe this is something that is intended by the manufacturer.”
Trendnet said that while it couldn’t say precisely how many cameras had been affected by this security flaw, it believed fewer than 500,000 cameras had been infiltrated.