When 'Internet Of Things' Go Bad: Company Fails To Secure Video Feeds
Trendnet's IP cameras let people access live video feeds, in order to remotely monitor what's happening in their homes. But the company didn't adequately secure the feeds, according to the FTC. The result was that total strangers were able to access online video feeds of people's homes.
The FTC says Trendnet failed to secure its customers' videos in a variety of ways. For instance, the company transmitted users' passwords in “clear, readable text over the Internet,” according to the FTC. Also, when Trendnet rolled out a way for customers to access the video feeds on Androids, the company also started storing users' logins in clear text on mobile devices. And Trendnet failed to test its software “to verify that access to data is restricted consistent with a user’s privacy and security settings,” the FTC alleged.
The problems with Trendnet came to light in January of 2012, when a hacker figured out how to access the live feeds. “The hacker posted information about the breach online; thereafter, hackers posted links to the live feeds for nearly 700 of respondent’s IP cameras,” the FTC says in its complaint. “These compromised live feeds displayed private areas of users’ homes and allowed the unauthorized surveillance of infants sleeping in their cribs, young children playing, and adults engaging in typical daily activities.”
The agency said that Trendnet engaged in deceptive practices, because it promoted its Webcams as secure. The FTC also said that Trendnet's shoddy security procedures constitute an unfair act or practice.
Trendnet has agreed to settle the complaint by establishing a security program, and notifying consumers who were affected by the glitch.