Home security camera feeds posted to web

Images of children in their bedrooms have been freely available on the web, following a security breach by webcam company Trendnet.

The breach affects thousands of feeds, and was caused by an error in code introduced nearly two years ago.

“It is Trendnet’s understanding that video from select Trendnet IP cameras may be accessed online in real time,” says the company.

The flaw was first discovered by the Consolecowboys hacking blog, which details how the cameras’ video streams are accessible to anyone with the correct net address – and how the Shodan search engine can be used to discover vulnerable cameras.

“Still after setting up users with passwords the camera is more than happy to let me view its video stream by making our previous request,” says the author.

“There does not appear to be a way to disable access to the video stream, I can’t really believe this is something that is intended by the manufacturer.”

Over the following days, readers of the blog have posted lists of web addresses for vulnerable cameras to the internet. Images have included people in the bathroom, and at least one baby in a bedroom.

The problem affects SecurView Cameras bought since April last year. There’s a full list of affected models here; new formware’s already available for many of them, and Trendnet is promising to fill in the gaps over the next two days.