Skip to main content

FTC settles with Trendnet after 'hundreds' of home security cameras were hacked

FTC settles with Trendnet after 'hundreds' of home security cameras were hacked

Share this story

Home security camera maker Trendnet has reached a settlement with the FTC over charges that it failed to protect customer privacy after a massive security vulnerability was discovered and exploited last year. The breach allowed hackers to watch and monitor total strangers by tapping into live video feeds from thousands of the company's internet-connected cameras. After a blog published a step-by-step walkthrough revealing how to remotely access the cameras, a huge list of working video feeds made its way onto Pastebin, where it saw over 87,000 hits. The FTC is none too pleased with the gaping security hole, nor the fact that Trendnet "exposed the private lives of hundreds of consumers to public viewing on the Internet."

Hundreds of cameras were compromised

In its complaint, the commission says Trendnet "failed to use reasonable security to design and test its software," also alleging that the company, as far back as 2010, "transmitted user login credentials in clear, readable text over the internet." The resulting settlement requires Trendnet to keep a close eye on its privacy policies; moving forward, it is barred from "misrepresenting the security of its cameras or the security, privacy, confidentiality, or integrity of the information that its cameras or other devices transmit."

But the camera marketer must also take steps to prevent this catastrophe from repeating itself. Trendnet will need to establish a "comprehensive information security program" designed to spot and resolve potential intrusion risks before they can be exploited. And it will do so under a watchful eye; the company will have to obtain assessments on its security program from a third party every two years for the next two decades. Customers that own the impacted cameras must be warned of the potential threat and notified that there's a software fix available, and Trendnet will provide technical support to assist with that upgrade for two years. But considering the scope of this privacy crisis, the company should probably count itself lucky to remain in business.