Home security camera maker Trendnet has reached a settlement with the FTC over charges that it failed to protect customer privacy after a massive security vulnerability was discovered and exploited last year.
Under the terms of a settlement with the Federal Trade Commission, TRENDnet is prohibited from misrepresenting the security of its cameras or the security, privacy, confidentiality, or integrity of the information that its cameras or other devices transmit. In addition, the company is barred from misrepresenting the extent to which a consumer can control the security of information the cameras or other devices store, capture, access, or transmit.
What does this mean for all video surveillance camera manufacturers?
The breach allowed hackers to watch and monitor total strangers by tapping into live video feeds from thousands of the company’s internet-connected cameras. After a blog published a step-by-step walk through revealing how to remotely access the cameras, a huge list of working video feeds made its way onto Pastebin, where it saw over 87,000 hits. The FTC is none too pleased with the gaping security hole, nor the fact that TrendNET "exposed the private lives of hundreds of consumers to public viewing on the Internet." Hundreds of cameras were compromised In its complaint, the commission says Trendnet "failed to use reasonable security to design and test its software," also alleging that the company, as far back as 2010, "transmitted user login credentials in clear, readable text over the internet." The resulting settlement requires Trendnet to keep a close eye on its privacy policies; moving forward, it is barred from "misrepresenting the security of its cameras or the security, privacy, confidentiality, or integrity of the information that its cameras or other devices transmit." But the camera marketer must also take steps to prevent this catastrophe from repeating itself. Trendnet will need to establish a "comprehensive information security program" designed to spot and resolve potential intrusion risks before they can be exploited. And it will do so under a watchful […]