If you haven’t heard by now, there has been an enormous TRENDnet security hole floating around the internet for about a year, allowing anyone from anywhere to view insecure TRENDnet IP cameras with ease — no password required. While the exploit was widely publicized last January, hundreds of cameras remain accessible, primarily due to older camera models that haven’t had their firmware updated. If the IP camera isn’t registered, TRENDnet has no way of notifying camera owners that anyone with an internet connection could be looking into their homes, businesses, or bedrooms.
Console Cowboys explained the exploit in detail last year, and recently created a Twitter account, @TRENDnetExposed, tweeting accessible IP camera addresses in an effort to increase awareness. The group even temporarily published a Google map with the location of every camera and links to their live view. Perhaps a little extreme, but the more people that see it, the more likely it is that TRENDnet IP camera owners will update their firmware and patch the hole.
When asked by networkworld.com about the vulnerability, TRENDnet responded that they have taken the following actions:
- Identify affected TRENDnet IP cameras.
- Halt shipping on affected cameras.
- Affected cameras were taken off shelf from worldwide retail outlets.
- Issued press releases regarding the potential security breach to general public.
- Issued firmware security patch for the affected cameras in early February, 2012.
- Notified worldwide business partners regarding affected cameras, asking them to notify their end-user customers.
Almost all TRENDnet models purchased between April 2010 and February 2012 are vulnerable. If you, your family members, or anyone you know picked up a TRENDnet IP cam between those dates, please update the firmware! It’s not too much trouble, and if you get stuck, Sensr.net can even try to help you out — just let us know in the comments.