This article was published on February 7, 2012

Security camera flaw exposes private video feeds online


Security camera flaw exposes private video feeds online

A flaw in a range of security cameras made by US firm Trendnet means that anyone with the correct URL can view footage from affected devices without a password.

As the BBC reports, the problem, first exposed online almost a month ago, means that armed with the correct IP address and URL structure, any of the vulnerable cameras can be viewed straight from a browser. To those who know how, the online device search engine Shodan can be used to locate susceptible cameras.

Trendnet says that it is rolling out new firmware for the affected models of camera this week, and that it had halted shipments of affected units to retailers. It blames the problem on a coding error introduced as far back as 2010. The company told the BBC that 26 models of camera and fewer than 50,000 units were likely to be affected in total – although that’s still a hefty number.

Trendnet admits to having been aware of the flaw for over three weeks and is yet to issue a formal statement to customers about it – something that its users who may have been spied on by curious Internet users probably won’t be too happy about.

Get the TNW newsletter

Get the most important tech news in your inbox each week.