Security Camera Vendor TRENDnet Settles With FTC Over Lax Internet Security

An Internet-connected security camera vendor being charged by the Federal Trade Commission over lax security is a cautionary tale for resellers of physical security wares.

  • Tweet  
  • LinkedIn  
  • Facebook  
  • Google plus  
  • Send to Kindle
  • Send to  

TRENDnet SecurView cameraYou know the Internet of Things has truly arrived when it results in its first successful government legal action. The tale of a vendor of Internet-connected security cameras being charged by the Federal Trade Commission over lax security is also a cautionary tale for resellers of physical security wares: The integrity of these systems is only as good as the weakest part of the system supporting it.

In the first action of its kind, the FTC went after TRENDnet, a purveyor of cloud-enabled security cameras that allows users to monitor activity in a protected environment via the Internet. Despite TRENDnet’s numerous marketing claims that its devices and Internet-monitoring support system were secure, the FTC charged they were anything but.

Related articles

According to the agency’s complaint, TRENDnet’s SecurView gear contained faulty software that left it open to online viewing -- and in some cases listening -- by anyone with the cameras’ IP address. According to the complaint, filed in January 2012, a hacker exploited the flaw and made it public. Links to the live feeds of nearly 700 of TRENDnet’s  cameras were posted online, allowing unfettered views of  “babies asleep in their cribs, young children playing and adults going about their daily lives,” according to the FTC.

TRENDnet also transmitted user login credentials in clear, readable text over the Internet and the company’s mobile applications for the cameras' stored consumer login information in plain text on users’ mobile devices.

“The Internet of Things holds great promise for innovative consumer products and services.  But consumer privacy and security must remain a priority as companies develop more devices that connect to the Internet,” FTC Chairwoman Edith Ramirez said in a statement.

In its defense, TRENDnet officials said they took immediate action to secure their gear when they realized the SecurView systems had been hacked.

“TRENDnet immediately initiated every effort to respond to and resolve the hack,” company officials said in a statement. “TRENDnet immediately released updated firmware which eliminated the published hack for related product models. Product shipments were stopped and corrective firmware updates were performed for all affected models.

“For over 23 years, TRENDnet has built a reputation of offering network hardware solutions to consumers worldwide,” the vendor said. “TRENDnet has worked closely with the FTC throughout this process. The product hack and the subsequent FTC action was used as an opportunity to improve best practices which support augmented product security for existing and future products.”

That diligent response likely spared TRENDnet from the most sever punishment for its transgressions, which could have resulted in tens of thousands of dollars in fines, according to the FTC regulations regarding such civil administrative complaints.

As it is, under the terms of its FTC settlement, TRENDnet is now prohibited from misrepresenting the security of its cameras or the data they transmit. The company is also required to establish “a comprehensive information security program designed to address security risks that could result in unauthorized access,” according to the FTC.

TRENDnet must now obtain third-party assessments of its security programs every two years for the next 20 years and give existing customers two years of free technical support to help them update or uninstall their cameras.

  • Tweet  
  • LinkedIn  
  • Facebook  
  • Google plus  
  • Send to Kindle
  • Send to  

Want more articles like this?

 
More on Cloud Computing
Tightrope

Partner cultivation is key to cloud success

Vendors have a vested interest in helping partners evolve from sellers of simplistic, commoditized cloud services to providers of complex, tailored solutions

Internet of Things big data

Cloud apps here to stay in the workplace

Gartner says businesses will embrace cloud use in the workplace, rather than banning it

Amey videoconferencing

Westcon releases GoldSeal VaaS for partners

The distributor’s Video-as-a-Service collaboration offering gives solution providers leverage in the cloud and UCC spaces

rising-costs

Vendors tackle unchecked cloud spending

Call it Shadow IT, cloud sprawl or abandoned clouds, unmanaged cloud accounts are creating big headaches for businesses and individuals. Vendors are moving to enable solution providers to help customers get a handle on this growing problem

Visitor comments
Add comments
blog comments powered by Disqus
In-depth
paul-zeiter-zerto

Vendor Q&A Series: Paul Zeiter, Zerto

The latest channel exec to sit in the new-look Channelnomics hotseat is Zerto's president

newspapers-and-glasses

Channelnomics' top five stories of the week - 12 February 2016

Check out which articles grabbed the most attention this week

hundred-dollars

PSA pricing isn’t the big ill of managed services

Kaseya bought PSA vendor Vorex, saying the incumbent platforms are too expensive for too little benefit. Pricing isn’t as much of a problem as effective use of these systems and lack of business fundamentals

kim-king-progress

Why VARs choose the wrong vendors

With the wrong vendor come various pitfalls for solution providers, says Progress Software's Kim King