A common reaction that many people had to webcams when they first became popular was concern – concern that one of those little cameras could act as a window into their household. It’s a fair concern, but one that’s largely unfounded, since most webcam makers tend to put security measures in place to prevent such incursions.
Unfortunately, fears of privacy invasion were proven accurate recently as the Federal Trade Commission discovered earlier this week that certain monitoring products from TRENDnet had in fact been used to spy on households. The FTC has already taken action to prevent further privacy invasions, starting with penalizing TRENDnet for what it says are “lax security practices.”
Indeed, although TRENDnet advertised its products — meant for home security and baby monitoring purposes — as secure, the devices were in fact compromised. The first time a hacker exploited the security flaw in these devices was back in January 2012. That hacker then posted links to the live feeds, which displayed the everyday lives of families that owned the at-risk devices.
Obviously, this is a startling reminder that security oversight should be stricter with such devices. This is especially true now that M2M technology and the Internet of Things are rising to prominence.
That said, people have been warning of the danger of unprotected endpoints for some time, with many saying M2M as a whole needs a security assessment. Frost & Sullivan, for example, released a report earlier this year which states that security solutions should be looked into before new infrastructures become active.
“The Internet of Things holds great promise for innovative consumer products and services,” said FTC chairwoman Edith Ramirez in a statement. “But consumer privacy and security must remain a priority as companies develop more devices that connect to the Internet.”
As for TRENDnet, the FTC stated that the company has been transmitting customer login information over the Internet in readable text, without encryption. Meanwhile, the TRENDnet mobile app, which enables remote control of its cameras, also did not properly protect user credentials. When it became aware of these flaws, TRENDnet released a software update to its website to remedy them.
The company has agreed to sanctions including a 20-year security compliance auditing program.
Edited by
Alisen Downey