trendnetcamera(1) Home security camera breach lets hackers spy on people

Thousands of home security camera have been breached by hackers, allowing people to bypass password security and spy on people in their houses, including children in their bedrooms.

Thousands of home security camera have been breached by hackers, allowing people to bypass password security and spy on people in their houses, including children in their bedrooms.

 
The major security concern affects the live video feeds of 26 different Trendnet models and the first vulnerabilities were detected as early as 12 January, yet the problem is only coming to light now.
 
Trendnet contacted users who registered their devices with it, but only five percent of users have registered, leaving 95 percent of affected customers still exposed to a nightmare privacy invasion.
 
The company is issuing firmware upgrades to plug the security holes and has released the update for seven of the 26 affected models so far. Trendnet hopes to release the other updates within the next week. As many as 50,000 cameras could be vulnerable.
 
The coding error, which Trendnet believes was a simple oversight, was introduced as far back as 2010, which means people may have been spied on, and possibly recorded, for the last two years.
 
trendnetcamera Home security camera breach lets hackers spy on people
 
The problem was first identified on 10 January by a customer who set up a camera with a password, but found that they could access it with the correct internet address without needing to enter the password. The only variance in the web address was the IP address of the user, which meant that someone could easily tap into the camera feeds of other users.
 
The hacker revealed that the Shodan search engine could be used to find devices vulnerable to the security hole, and that the last time they did a search 350 exposed devices were found.
 
Other hackers posted web addresses and even Google Map locations of where the cameras were located, with 679 vulnerable camera links uploaded to one website alone. Some people commented that they saw people naked in their bathrooms and also saw children and babies in their bedrooms, raising significant concerns over the potential for this security flaw to be used by pedophiles.
 
Trendnet has stopped shipments of the affected models, but the company has been relatively closed-lipped about informing the public of this monumental privacy disaster.
 
Source: BBC