A company that markets video cameras designed to allow consumers to monitor their homes remotely has settled Federal Trade Commission charges that its lax security practices exposed the private lives of hundreds of consumers to public viewing on the Internet.
The FTC’s lawsuit alleges that TRENDnet marketed its SecurView cameras for purposes ranging from home security to baby monitoring, and claimed in product descriptions that they were “secure.” However, the cameras had faulty software that left them open to online viewing, and in some cases listening, by anyone with the cameras’ Internet address, the agency said.
In January 2012, a hacker exploited this flaw and made it public, and, eventually, hackers posted links to the live feeds of nearly 700 of the cameras, according to the lawsuit. The feeds displayed babies asleep in their cribs, young children playing, and adults going about their daily lives.
When TRENDnet learned of the flaw, it uploaded a software patch to its website and told its customers to visit its website to update their cameras, the FTC said.
Under the terms of the settlement, TRENDnet is prohibited from misrepresenting the security of its cameras or the security of the information that its cameras transmit.
In addition, TRENDnet is required to establish an information security program designed to address security risks that could result in unauthorized access to or use of the company’s devices.
The settlement also requires TRENDnet to notify customers about the security issues with the cameras and the availability of the software update to correct them. In addition, the company is required to provide customers with free technical support for two years to help them update or uninstall their cameras.