WASHINGTON (AP) — The government is requiring the marketer of Internet-connected home monitoring cameras to come up with a better security design after feeds from people's homes — video from baby monitors and home security systems — were posted online for public view.
In a settlement announced Wednesday, the Federal Trade Commission said lax security practices led to the breach by California-based TRENDnet.
The commission said the private lives of hundreds of consumers — video of babies sleeping in cribs, young children playing and adults going about their daily routines — went public in January 2012 after a hacker exploited a security flaw in the company's software and posted links of video feeds to nearly 700 cameras.
In addition to addressing software security risks, the settlement also prohibits TRENDnet from misrepresenting the security of its cameras as well as requiring the company to design a better security program.
According to the commission, the cameras had faulty software that left them open to online viewing, and in some cases listening, by anyone with the Internet address of the cameras. The complaint says the company didn't take reasonable security measures in the design and testing of its software. It also says the company claimed in numerous product descriptions that its SecurView cameras were "secure" — leading to charges from the FTC of deceptive and unfair business practices.
TRENDnet sent user login credentials in clear, readable text over the Internet, the commission said, even though free software was available to secure those transmissions.
Soon after the hacking, the company made a software update available, but it wasn't automatic, such as when a computer automatically updates its software programs, the FTC said. A consumer would have to know to go to the company's website to get the security update.
A request to TRENDnet for comment was not immediately answered.