According to Leo Kelion at the BBC someone has determined that Trendnet cameras setup for home or office monitoring are actually allowing anyone with a computer to remotely access them and view them live. Typically these sort of cameras require a password to access the live feeds, but due to a security flaw in the Trendnet software, the cameras are in fact able to be viewed with a simple workaround.
A Trendnet spokeperson acknowledged the security flaw and stated they had notified registered users, but here’s the rub, only about 5% of the users register a product and Trendnet has yet to release a formal warning to the general public.
“We first became aware of this on 12 January,” said Zak Wood, Trendnet’s director of global marketing.
“As of this week we have identified 26 [vulnerable] models. (In) seven of the models, the firmware has been tested and released.
“We anticipate to have all of the revised firmware available this week. We are scrambling to discover how the code was introduced and at this point it seems like a coding oversight.”
What’s the most disturbing is that there may be upwards of 50,000 of these cameras in use around the world. Interestingly enough, the slogan for Trendnet is Networks People Trust.
If you have a Trendnet security camera at home or the office with a feed setup to be available remotely then you might want to consider shutting it down until Trendnet has a chance to issue a patch.
Update: There appears to be a patch just released (02/07/2012) for this and I strongly urge any owner of a Trendnet camera to go to the website to see if their particular camera is affected and needs it.