Some users of home security Cameras made by Trendnet could have been exposed to malicious activity by hackers. Using the Shodan search engine users can locate internet connected devices using very simple search terms. Apparently the way these Trendnet cameras are setup leaves them vulnerable to hackers as no password is required to stream a live feed right from the clients home.
A blogger using the name "someLuser" posted details on how to access these feeds in January. According to "someLuser" anyone who knows a cameras IP address can access a live feed from the device even if it is password protected.
"someLuser" comments on the design of the security system:
“There does not appear to be a way to disable access to the video stream, I can’t really believe this is something that is intended by the manufacturer. Lets see who is out there :),”
He lays out exactly how hackers can gain access to the feeds. In the following days readers of the blog went on to access over 600 different camera feeds using the methods provided by "someLuser".
Since then Trendnet has become aware of the problem and has traced the flaw back to updates and a code loaded back in 2010. The flaw effects 26 different models. Since first becoming aware of the flaw on January 12th, the company has been frantically been working to update its firmware.
Trendnet’s director of global marketing, Zak Wood told the BBC in an interview:
“We anticipate to have all of the revised firmware available this week. We are scrambling to discover how the code was introduced and at this point it seems like a coding oversight,”
What irony? The security company wired the biggest threat right into their customers homes. Would you trust these meat heads? I hope people using these products are seriously reconsidering their purchase.