Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Flaw in home security cameras exposes live feeds to hackers

Ben Grubb (SMH) | Feb. 8, 2012
A security flaw in web-connected home security cameras made by Trendnet, which distributes in Australia, is allowing internet users to spy on the private video feeds of thousands.

After the flaw was exposed user "Gl0we" on the social news website Reddit posted this image, claiming it took less that 2 minutes to create from cameras they had found to be exposed.

After the flaw was discovered user "Gl0we" on the social news website Reddit posted this image, claiming it took less that 2 minutes to create from cameras they had found to be exposed.

A security flaw in web-connected home security cameras made by Trendnet, which distributes in Australia, is allowing internet users to spy on the private video feeds of thousands.

Trendnet, a US company, issued an update to fix the flaw on February 6 but it requires owners of the cameras to take action, which has led to some speculating that many will not install the fix unless they are made aware of the flaws.

That speculation may well turn out to be true as links to thousands of live video feeds that are claimed to remain vulnerable have been posted on internet message boards such as 4chan and Reddit in recent weeks.

The security hole, which was revealed nearly a month ago by a blog called Console Cowboys, allows for real-time online access to the cameras without the need for a password.

Director of Trendnet’s Australian agent, BAX IT services' Matthew Mann, said he had sold 53 affected cameras to 13 customers and that he found out about the security flaw yesterday. He was contacting customers today to get them to install the fix.

"They will have to do a firmware update which is very minimal," he said. Another 70 cameras in stock remained affected by the flaw but would have a fix installed by technicians before they were sold.

He said there could potentially be more cameras in Australia that were vulnerable which people had purchased overseas using sites like eBay but said he was the only Australian agent for Trendnet and that their web-connected cameras hadn't been a focus for his company.

What internet users claim they saw

One Reddit user, "Gl0we", claimed many owners of the affected cameras were using them in private spaces, including in living rooms and bedrooms. The user added that some were using them as baby monitors and that "a lot of work places" appeared to be using them too. "Some look like they might be spying on employees even," they claimed. "It's not even funny."

Tech blog The Verge claimed nudity was viewed, saying a woman taking off her pyjamas in her bedroom and a young mother standing next to a baby crib at night were seen by accessing the vulnerable cameras.

 

1  2  Next Page 

Sign up for Computerworld eNewsletters.