A company that supplies video cameras which allow people to monitor their homes remotely via the internet settled Federal Trade Commission charges that it accidentally exposed the video feeds to strangers.
TRENDnet customers use the SecurView IP camera for security, to keep an eye on children, and various other purposes. But the company’s lax security practices let strangers watch the feeds of nearly 700 of the cameras, the FTC said. The company was also accused of sending and storing customer login information in plain text that anyone could read.
In many cases, no real “hacking” was required – anyone who knew a camera’s IP address could watch the feed. Hundreds of people’s daily lives were broadcast over the internet without their knowledge, the FTC said.
Once TRENDnet learned of the problem, it uploaded a software patch to its website and sought to alert customers of the need to visit the website to update their cameras. The FTC found this effort insufficient, since anyone who didn’t download the patch would still be vulnerable.
Under the settlement, TRENDnet must stop representing the cameras as secure, step up its security protocols and make a larger effort to explain to customers what has gone wrong, according to the FTC. It must also let an outside company audit its security and offer customers free tech support for two years.