TRENDnet, a networking solutions company whose slogan reads “Networks People Trust”, recently came under fire when it was revealed that 100s of their supposedly secure internet cameras could be easily accessed thanks to a flaw in the system.

The flaw makes it possible for any web user to access live video feeds without even needing a password. After the discovery had been made, links to video feeds were posted on various online forums and message boards. The problem came to light when users expressed concern when they found that children’s bedrooms, among other locations, could be viewed online.

It is unknown for how long the glitch has been exploited but it’s possible that it has been on-going for almost two years as TRENDnet says it is only now in the process of releasing updates to correct a coding error introduced in 2010.

“We first became aware of this on 12 January,” said Zak Wood, Trendnet’s director of global marketing.

“As of this week we have identified 26 [vulnerable] models. Seven of the models – the firmware has been tested and released.

“We anticipate to have all of the revised firmware available this week. We are scrambling to discover how the code was introduced and at this point it seems like a coding oversight.”

The company also says that it has issued emails to affected customers who had registered their devices. However, according to a spokesperson, only around five percent of customers had registered their devices and no formal media release had yet been issued.

It appears that the problem is not restricted to a specific area and although they estimate that in the UK fewer than 1000 units were vulnerable , globally it could be as many 50 000.

On 10 January an internet blog publicised the vulnerability which showed that anyone could access these video streams simply by entering the correct net address; the user’s IP address followed by an identical sequence of 15 characters.

Using this formula in conjunction with Shodan – a search engine specialising in finding online devices – 100s of vulnerable systems were found.

TRENDnet has yet to issue an official release alerting customers of the potential flaw.

[Source: BBC]