Feb. 7, 2012 at 2:42 PM ET
This story was updated at 3 pm PT
Video feeds from some home users' Internet security cameras — including children's rooms and bathroom scenes — are being seen by others around the world because of a coding error that is part of the cameras' software.
The flaw in the TrendNet security cameras was discovered after word of the shared footage spread on various message boards and blogs in the past month.
The BBC reports that messages about the flaw included:
"Someone caught a guy in denmark (traced to ip) getting naked in the bathroom." Another said: "I think this guy is doing sit-ups."
One user wrote "baby spotted", causing another to comment: "I feel like a pedophile watching this."
California-based TrendNet told the BBC that it's in the process of releasing software updates to fix the problem, which it learned about Jan. 12. The company is also emailing those owners who registered their cameras. As to how many are affected, it's not clear; a company spokesman said it could be fewer than 1,000 consumers in the United Kingdom, and globally "most likely less than 50,000."
Tech website The Verge carried an extensive report about the exploit last Friday.
The vulnerability was first noted on a blog Jan. 10. Said the BBC:
The author discovered that after setting up one of the cameras with a password, its video stream became accessible to anyone who typed in the correct net address.
In each case, this consisted of the user's IP address followed by an identical sequence of 15 characters.
The writer then showed how the Shodan search engine — which specializes in finding online devices — could be used to discover cameras vulnerable to the flaw.
TrendNet expects to have revised firmware available this week. Monday, the company also posted a warning on its website, letting users know about the specific camera models and versions that have the problem:
It is TrendNet’s understanding that video from select TrendNet IP cameras may be accessed online in real time. Upon awareness of the issue, TrendNet initiated immediate actions to correct and publish updated firmware which resolves the vulnerability.
"We are scrambling to discover how the code was introduced and at this point it seems like a coding oversight," a company spokesman told the BBC.
— Via TheNextWeb
Related stories:
- Defendant ordered to decrypt laptop may have forgotten password
- Supreme Court rules on GPS tracking, but punts on larger issues
- 7 signs we're living in the post-privacy era
Check out Technolog, Gadgetbox, Digital Life and In-Game on Facebook, and on Twitter, follow Suzanne Choney.