Thousands of home security camera have been breached by hackers,
allowing people to bypass password security and spy on people in their
houses, including children in their bedrooms.
The major security concern affects the live video feeds of 26 different
Trendnet models and the first vulnerabilities were detected as early as
12 January, yet the problem is only coming to light now.
Trendnet contacted users who registered their devices with it, but only
five percent of users have registered, leaving 95 percent of affected
customers still exposed to a nightmare privacy invasion.
The company is issuing firmware upgrades to plug the security holes and
has released the update for seven of the 26 affected models so far.
Trendnet hopes to release the other updates within the next week. As
many as 50,000 cameras could be vulnerable.
The coding error, which Trendnet believes was a simple oversight, was
introduced as far back as 2010, which means people may have been spied
on, and possibly recorded, for the last two years.
The problem was first identified on 10 January by a customer who set up a
camera with a password, but found that they could access it with the
correct internet address without needing to enter the password. The only
variance in the web address was the IP address of the user, which meant
that someone could easily tap into the camera feeds of other users.
The hacker revealed that the Shodan search engine could be used to find
devices vulnerable to the security hole, and that the last time they did
a search 350 exposed devices were found.
Other hackers posted web addresses and even Google Map locations of
where the cameras were located, with 679 vulnerable camera links
uploaded to one website alone. Some people commented that they saw
people naked in their bathrooms and also saw children and babies in
their bedrooms, raising significant concerns over the potential for this
security flaw to be used by pedophiles.
Trendnet has stopped shipments of the affected models, but the company
has been relatively closed-lipped about informing the public of this
monumental privacy disaster.
No comments:
Post a Comment