Imagine installing a security camera video system in your home for protection only to discover your private activities are out there for all to see.
Video feeds from some home user’s Internet security cameras are being viewed by others around the world, including bathroom scenes and children’s rooms. This is happening due to a coding error that is part of the security camera’s software.
I would not want to be the programmer that goes down for this error.
The flaw in the TrendNet security cameras was discovered after word of the shared footage spread on various message boards and blogs over the past month.
The BBC reports that messages about the flaw included:
“Someone caught a guy in Denmark (traced to ip) getting naked in the bathroom.” Another said: “I think this guy is doing sit-ups.”
Another user wrote, “baby spotted,” causing another to comment, “I feel like a pedophile watching this.”
California-based TrendNet said it learned of the problem on Jan. 12, and told the BBC that it’s in the process of releasing software updates to fix the problem.
The company is also emailing those owners who registered their cameras. As to how many are affected, it’s not clear; a company spokesman said it could be fewer than 1,000 consumers in the United Kingdom and globally “most likely less than 50,000.”
I hope for the company’s sake, not too many U.S. consumers were affected. The U.S. is such a litigious country and you can just see the lawsuits mounting now.
The Verge, a tech website, carried an extensive report about the exploit last Friday.
The vulnerability was first noted on a blog Jan. 10. Said the BBC:
- The author discovered that after setting up one of the cameras with a password, its video stream became accessible to anyone who typed in the correct net address.
- In each case, this consisted of the user’s IP address followed by an identical sequence of 15 characters.
- The writer then showed how the Shodan search engine — which specializes in finding online devices — could be used to discover cameras vulnerable to the flaw.
TrendNet said it expects to have revised firmware available this week. On Monday, the company posted the following warning on its website informing users of the specific camera models and versions that have the problem:
It is TrendNet’s understanding that video from select TrendNet IP cameras may be accessed online in real time. Upon awareness of the issue, TrendNet initiated immediate actions to correct and publish updated firmware which resolves the vulnerability.
“We are scrambling to discover how the code was introduced and at this point it seems like a coding oversight,” a company spokesman told the BBC.
Read story@ msnbc
