header image



A security flaw in web-connected home security cameras made by Trendnet, which distributes in Australia, is allowing internet users to spy on the private video feeds of thousands.

Trendnet, a US company, issued an update to fix the flaw on February 6 but it requires owners of the cameras to take action, which has led to some speculating that many will not install the fix unless they are made aware of the flaws.

That speculation may well turn out to be true as links to thousands of live video feeds that are claimed to remain vulnerable have been posted on internet message boards such as 4chan and Reddit in recent weeks.

The security hole, which was revealed nearly a month ago by a blog called Console Cowboys, allows for real-time online access to the cameras without the need for a password.

Director of Trendnet’s Australian agent, BAX IT services’ Matthew Mann, said he had sold 53 affected cameras to 13 customers and that he found out about the security flaw yesterday. He was contacting customers today to get them to install the fix.

“They will have to do a firmware update which is very minimal,” he said. Another 70 cameras in stock remained affected by the flaw but would have a fix installed by technicians before they were sold.

He said there could potentially be more cameras in Australia that were vulnerable which people had purchased overseas using sites like eBay but said he was the only Australian agent for Trendnet and that their web-connected cameras hadn’t been a focus for his company.

What internet users claim they saw

One Reddit user, “Gl0we”, claimed many owners of the affected cameras were using them in private spaces, including in living rooms and bedrooms. The user added that some were using them as baby monitors and that “a lot of work places” appeared to be using them too. “Some look like they might be spying on employees even,” they claimed. “It’s not even funny.”

Tech blog The Verge claimed nudity was viewed, saying a woman taking off her pyjamas in her bedroom and a young mother standing next to a baby crib at night were seen by accessing the vulnerable cameras.

Trendnet addressed the problem in a statement.

“Trendnet has recently gained awareness of an IP camera vulnerability common to many Trendnet SecurView cameras,” the Torrance, California-based firm said.

“It is Trendnet’s understanding that video from select Trendnet IP cameras may be accessed online in real time,” Trendnet said.

“Upon awareness of the issue, Trendnet initiated immediate actions to correct and publish updated firmware which resolves the vulnerability,” it said.

In the statement, Trendnet listed 22 camera models sold since April 2010 which may have the vulnerability and provided a link to a site where camera owners can download a firmware fix.

“Trendnet is aware that this IP Camera security threat may affect your confidence in Trendnet solutions,” the company said. “Trendnet extends its deepest apologies to consumers which may be impacted by this issue.”

Australian security analyst at IBRS, James Turner, said that the camera vulnerability highlighted the fact that when you plugged any device into the internet, other people could find it. “Australians should be thinking about this issue very carefully as we look forward to all of the capabilities that the [national broadband network] is promising,” he said.

As broadband became more capable and ubiquitous, he said people would “inevitably increase their use of internet-intensive applications and services, such as video conferencing.”

The resulting plethora of devices, which will be left plugged in and turned on, many with webcams and microphones, would be “an appealing target to opportunistic hackers”, he said

Sourced & published by Henry Sapiecha


No comments yet

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>