A flaw discovered in the code of Trendnet’s connected home security camera systems have made thousands of private video feeds accessible by almost anyone on the internet. More than two dozen models of Trendnet home security cameras are vulnerable, allowing people to access the video feeds via the camera’s IP address without the need to enter a password.
The flaw was first discovered and reported on in January by a blog called Console Cowboys, which revealed that by simply appending a specific code to a camera’s IP address, the password requirement could be bypassed. The blog posted detailed instructions on how to breach Trendnet cameras, resulting in links being posted to various message boards.
Offices, children’s bedrooms, and even someone’s bathroom were viewable among the list of video feeds exposed. A list of 679 web addresses to exposed video feeds were posted to a message board within two days with more listings revealed that were also associated with Google Maps locations.
Trendnet is scrambling to release firmware updates to fix the problem, but estimates that there are 26 camera models that are affected. To see if your camera model could be a spy cam, check out the full list here. Also, be sure to check Trendnet’s download page for firmware updates.
[via PC Mag]