[ISN] Flaw in Home Security Cameras Exposes Live Feeds to Hackers

http://www.wired.com/threatlevel/2012/02/home-cameras-exposed/

By Kim Zetter
Threat Level
Wired.com
February 7, 2012

A flaw in home security cameras made by Trendnet potentially exposed
thousands of customers to hackers who could access the live video feeds
without a password.

The vulnerability was discovered by a blogger who uses the name
“someLuser� and who posted details of the flaw in January, describing
how he was able to find vulnerable cameras online by using the Shodan
search engine, which allows users to find internet-connected devices
using simple search terms.

Although users can set up the cameras with a password, the videostream
from even a password-protected camera is available to anyone who knows
the camera’s net address, which consists of an IP address, and a
sequence of 15 digits that are the same for every computer. In this
manner, the blogger says he was able to identify 350 vulnerable Trendnet
cameras.

“There does not appear to be a way to disable access to the video
stream, I can’t really believe this is something that is intended by the
manufacturer. Lets see who is out there :),� he wrote in his post.

[...]

_____________________________________________________
Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
http://www.infosecnews.org/mailman/listinfo/isn

• This message: [ Message body ]
• Next message: InfoSec News: "[ISN] Alleged Foxconn hack allowed bogus orders to be placed for vendors"
• Previous message: InfoSec News: "[ISN] Threatened Pentagon programs will play up cyber roles, experts predict"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]