This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.bbc.co.uk/go/rss/int/news/-/news/technology-16919664
The article has changed 9 times. There is an RSS feed of changes available.
| Version 1 | Version 2 |
|---|---|
| Trendnet security cam flaw exposes video feeds on net | Trendnet security cam flaw exposes video feeds on net |
| (about 4 hours later) | |
| By Leo Kelion Technology reporter | By Leo Kelion Technology reporter |
| Feeds from thousands of Trendnet home security cameras have been breached, allowing any web user to access live footage without needing a password. | Feeds from thousands of Trendnet home security cameras have been breached, allowing any web user to access live footage without needing a password. |
| Internet addresses which link to the video streams have been posted to a variety of popular messageboard sites. | Internet addresses which link to the video streams have been posted to a variety of popular messageboard sites. |
| Users have expressed concern after finding they could view children's bedrooms among other locations. | Users have expressed concern after finding they could view children's bedrooms among other locations. |
| Trendnet says it is in the process of releasing firmware updates to correct a coding error introduced in April 2010. | Trendnet says it is in the process of releasing firmware updates to correct a coding error introduced in April 2010. |
| It said it had emailed customers who had registered affected devices to alert them to the problem. | It said it had emailed customers who had registered affected devices to alert them to the problem. |
| However, a spokesman told the BBC that "roughly 5%" of purchasers had registered their cameras and it had not yet issued a formal media release despite being aware of the problem for more than three weeks. | However, a spokesman told the BBC that "roughly 5%" of purchasers had registered their cameras and it had not yet issued a formal media release despite being aware of the problem for more than three weeks. |
| "We first became aware of this on 12 January," said Zak Wood, Trendnet's director of global marketing. | "We first became aware of this on 12 January," said Zak Wood, Trendnet's director of global marketing. |
| "As of this week we have identified 26 [vulnerable] models. Seven of the models - the firmware has been tested and released. | "As of this week we have identified 26 [vulnerable] models. Seven of the models - the firmware has been tested and released. |
| "We anticipate to have all of the revised firmware available this week. We are scrambling to discover how the code was introduced and at this point it seems like a coding oversight." | "We anticipate to have all of the revised firmware available this week. We are scrambling to discover how the code was introduced and at this point it seems like a coding oversight." |
| Mr Wood added that the California-based firm estimated that "fewer than one thousand units" might be open to this threat in the UK, but could not immediately provide an exact global tally beyond saying that it was "most likely less than 50,000". | Mr Wood added that the California-based firm estimated that "fewer than one thousand units" might be open to this threat in the UK, but could not immediately provide an exact global tally beyond saying that it was "most likely less than 50,000". |
| Feed links | Feed links |
| An internet blog first publicised the vulnerability on 10 January. | An internet blog first publicised the vulnerability on 10 January. |
| The author discovered that after setting-up one of the cameras with a password its video stream became accessible to anyone who typed in the correct net address. | The author discovered that after setting-up one of the cameras with a password its video stream became accessible to anyone who typed in the correct net address. |
| In each case this consisted of the user's IP addresse followed by an identical sequence of 15 characters. | In each case this consisted of the user's IP addresse followed by an identical sequence of 15 characters. |
| The writer then showed how the Shodan search engine - which specialises in finding online devices - could be used to discover cameras vulnerable to the flaw. | The writer then showed how the Shodan search engine - which specialises in finding online devices - could be used to discover cameras vulnerable to the flaw. |
| "Last I ran this there was something like 350 vulnerable devices that were available," the author wrote at the time. | "Last I ran this there was something like 350 vulnerable devices that were available," the author wrote at the time. |
| However, it appears that others then took advantage of the technique to expose other links and uploaded them to the net. | However, it appears that others then took advantage of the technique to expose other links and uploaded them to the net. |
| Within two days a list of 679 web addresses had been posted to one site, and others followed - in some cases listing the alleged Google Maps locations associated with each camera. | Within two days a list of 679 web addresses had been posted to one site, and others followed - in some cases listing the alleged Google Maps locations associated with each camera. |
| Messages on one forum included: "someone caught a guy in denmark (traced to ip) getting naked in the bathroom." Another said: "I think this guy is doing situps." | Messages on one forum included: "someone caught a guy in denmark (traced to ip) getting naked in the bathroom." Another said: "I think this guy is doing situps." |
| One user wrote "Baby Spotted," causing another to comment "I feel like a pedophile watching this". | One user wrote "Baby Spotted," causing another to comment "I feel like a pedophile watching this". |
| Some screenshots have also been uploaded. | Some screenshots have also been uploaded. |
| Warning users | Warning users |
| At the time of writing Trendnet's home page and its press release section made no mention of the problem. | At the time of writing Trendnet's home page and its press release section made no mention of the problem. |
| However, its downloads page does list a number of "critical" updates with a brief release note saying that the code offers "improved security". | However, its downloads page does list a number of "critical" updates with a brief release note saying that the code offers "improved security". |
| The firm - whose slogan is "networks that people trust" - said that it had halted shipments of affected products to retailers and that any delivery received since the start of this month should be safe. However, it said that items delivered at an earlier date might need a firmware update. | The firm - whose slogan is "networks that people trust" - said that it had halted shipments of affected products to retailers and that any delivery received since the start of this month should be safe. However, it said that items delivered at an earlier date might need a firmware update. |
| "We are just getting to that point to be able to succinctly convey more information to the public who would be concerned," added Mr Wood. | "We are just getting to that point to be able to succinctly convey more information to the public who would be concerned," added Mr Wood. |
| "We are planning an official release of information to the public concerning this, but in advance I can tell you that this week we are targeting to have firmware to all affected models." | "We are planning an official release of information to the public concerning this, but in advance I can tell you that this week we are targeting to have firmware to all affected models." |
| Have you been affected by the issues in this story? Send us your comments using the form below. | |
| Send your pictures and videos to yourpics@bbc.co.uk or text them to 61124 (UK) or +44 7624 800 100 (International). If you have a large file you can upload here. | |
| Read the terms and conditions |