Home security is a multibillion dollar industry, and it’s one that keeps on growing. As we fill our houses and apartments with creature comforts and expensive gadgets, the benefits of technology in safeguarding our homes and our families become increasingly obvious, particularly as the cost of such technologies continues to fall.
In recent years, home camera systems have grown in popularity; many systems can be purchased at relatively low cost, and can be easily set up and managed through apps and home computer programs. There are wired and wireless systems, cameras with motion detectors, and some even offer the ability to remotely interact with each camera via a web-based interface, when you’re on holiday or at work, for example.
It all sounds very nice, very convenient and reassuring – but the problem with security systems is that they aren’t always as secure as they should be. BBC News revealed today that numerous cameras offered by California-based Trendnet, which specialises in networking equipment, are vulnerable to a major flaw, which allows anyone to view the feeds online.
Worse still, the vulnerability has already been seized upon, with thousands of links to video streams of users" camera feeds having been shared on numerous websites.
The flaw was first identified by an unnamed website on 10 January, when a blogger found that anyone with the correct URL for a camera could view it online, even if the system had been protected with a password. It’s been reported that the URL for each camera is also very easy to work out, being largely based upon a user’s IP address.
Within 48 hours, hundreds of feeds had been exposed online, with some even including Google Maps data to identify where the feeds were located (extrapolated from the IP address). One forum included comments from users who were watching a man getting naked in his home; in another feed, a user wrote “Baby Spotted”. Indeed, given that some parents install security systems inside their own homes, hoping to improve the safety and security of their children, it’s unsurprising – although deeply worrying – that some users have reported being able to see feeds from children’s bedrooms.
Zak Wood, Trendnet’s director of global marketing, stated to BBC News that the company has been aware of the problem since 12 January, and has identified 26 cameras in its range that are affected by the flaw. Seven models have received updated firmware so far, with further updates for other vulnerable models currently in testing. The company claims that the issue arose as a result of a "coding oversight" that is being reviewed internally.
Despite being aware of the problem for almost four weeks, Trendnet hasn’t yet issued an official public statement or contacted its customers to explain the issue. Wood stated that fewer than 50,000 customers will have been affected by the vulnerability, adding: “We are just getting to that point to be able to succinctly convey more information to the public who would be concerned. We are planning an official release of information to the public concerning this.”