Trendnet Security Cam Flaw Exposes Video Feeds on Net
Feeds from thousands of Trendnet home security cameras have been breached, allowing any web user to access live footage without needing a password.
Internet addresses which link to the video streams have been posted to a variety of popular messageboard sites.
Users have expressed concern after finding they could view children’s bedrooms, among other locations.
US-based Trendnet says it is in the process of releasing updates to correct a coding error introduced in 2010.
It said it had emailed customers who had registered affected devices to alert them to the problem.
However, a spokesman told the BBC that “roughly 5%” of purchasers had registered their cameras and it had not yet issued a formal media release - despite being aware of the problem for more than three weeks.
“We first became aware of this on 12 January,” said Zak Wood, Trendnet’s director of global marketing.
“As of this week we have identified 26 [vulnerable] models. (In) seven of the models, the firmware has been tested and released.
“We anticipate to have all of the revised firmware available this week. We are scrambling to discover how the code was introduced and at this point it seems like a coding oversight.”
Mr Wood added that the California-based firm estimated that “fewer than 1,000 units” might be open to this threat in the UK, but could not immediately provide an exact global tally beyond saying that it was “most likely less than 50,000”.
Tech news website The Verge first publicised the issue last week after discovering a blog which had published details of the vulnerability on 10 January.
The author discovered that after setting up one of the cameras with a password, its video stream became accessible to anyone who typed in the correct net address.