The Federal Trade Commission has made its first ever action against a maker of connected everyday devices, TRENDnet, for what it says is lax security despite promises stating otherwise. TRENDnet makes a variety of wireless webcams, connected home security cameras, and other such devices that connect to the Internet, devices that the FTC states left consumers’ personal feeds open to public eyes.
TRENDnet, who’s slogan is “Networks People Trust”, is no stranger to such allegations. Back in early 2012, for example, it was made public that more than 24 different TRENDnet cameras were vulnerable to spying due to a security issue allowing the request for a password to be bypassed. Since that time, a quick gander at some of the Internet’s nooks and crannies shows that not much has changed, with live feeds proving a source of entertainment from 4Chan to private Internet forums and back again.
The security issues go back farther than that, however, says the FTC, with software flaws having been present since at least April of 2010. Such problems were the result of failure to use a “reasonable” security model for testing and designing its software. Beyond that, the Commission also states TRENDnet has failed to secure transmissions of login credentials, passing along passwords and such in plain text.
One complaint filed against the company alleges that following a public revelation of TRENDnet software vulnerabilities, about 700 camera feeds were posted publicly online. In these feeds, the voyeuristic were able to watch everyday activities, kids playing, and babies sleeping. The vulnerability was eventually patched and customers were advised to update.
As part of a settlement with the agency, TRENDnet is no longer allowed to make the same security claims as before. FTC Chairwoman Edith Ramirez said: “The Internet of Things holds great promise for innovative consumer products and services. But consumer privacy and security must remain a priority as companies develop more devices that connect to the Internet.”