The Federal Trade Commission has settled with a marketer of Web-connected home cameras after finding that the company failed to secure the feeds from hackers.
TRENDnet's SecurView cameras are used for home security or as baby monitors, and are able to stream video and audio to its owner over the internet. But in January, hackers managed to exploit a security flaw that allowed them to hijack the video streams. They made the flaw public and posted links to the feeds of nearly 700 cameras -- including some that were being used as baby monitors.
The company quickly responded, issuing a firmware update in early February for the eighteen affected camera models. But the FTC says in its ruling that the company was clearly negligent, writing that "TRENDnet failed to use reasonable security to design and test its software, including a setting for the cameras' password requirement."
Its sins don't stop there. The FTC also says that from April 2010, TRENDnet -- whose slogan, ironically, is "Networks People Trust" -- has been transmitting users' passwords over the Internet and on mobile apps in plain, readable text. That means that anyone who intercepted those communications would be able to read the password instead of seeing it represented as a series of asterisks or an encrypted data string. That's hardly the level of security one would expect from a company making cameras used as baby monitors.
The company won't be fined, but it will have to implement a security program to identify any vulnerabilities in its systems. And it has to get a third-party assessment of its security procedures to make sure it doesn't happen again.
TRENDnet isn't the only company facing these sorts of issues. Last month, a Houston family was horrified to discover that its 2-year-old's monitor had been hijacked by an unknown party, who was able to use its two-way audio feature to shout obscenities at the child. According to Forbes, that monitor was made by Chinese company Foscam, which had to issue a security update of its own earlier this year to patch a security vulnerability.
Unfortunately, the vast majority of users have not applied the patch. So if you do decide to go with an Internet-connected camera for security or baby monitoring, be sure to check the company website on a regular basis to make sure you don't miss any security updates.
Matt Brownell is the consumer and retail reporter for DailyFinance. You can reach him at Matt.Brownell@teamaol.com, and follow him on Twitter at @Brownellorama.