Footage of Trendnet home security cameras has been cracked and found to be accessible to prying eyes. The feeds could be watched by any web user around the world even without a password!
This was exposed when a blog appeared under Console Cowboys, posted about security vulnerability in some models of Trendnet home security cameras on Jan. 10. It detailed how one can view thousands of streaming personal IP camera by following the instructions on the site.
It was reportedly found that after setting up one of the cameras with a password its video stream became accessible to anyone who typed in the correct net address and in each case this consisted of the user's IP address followed by an identical sequence of 15 characters.
"Still after setting up users with passwords the camera is more than happy to let me view its video stream by making our previous request. There does not appear to be a way to disable access to the video stream, I can't really believe this is something that is intended by the manufacturer. Let us see who is out there," the writer was quoted in his blog.
He also demonstrated how the Shodan search engine, which exposes online devices, could be used to discover cameras vulnerable to the flaw.
Deep concerns have been expressed after videos and snapshots were released on various sites.
"We are planning an official release of information to the public concerning this, but in advance I can tell you that this week we are targeting to have firmware to all affected models," Zak Wood, Trendnet's Director of Global Marketing, was quoted in BBC.
In a press release,Trendnet says it has initiated immediate action to correct and publish updated firmware which resolves the vulnerability.