Surveillance Camera Surveillance

What if you could access the video stream from the inside of a house on the other side of the country? Or a bank office? Or a street corner outside a popular nightclub? What if there was no way for the owner to disable the setting. That's the situation that TrendNet, one of the world's largest supplier of surveillance cameras, found itself in last month.

The vulnerabilities, which appear in virtually every IP-addressable camera TrendNet produced after April 2010, were first reported in January on Console Cowboys. Using the information from the blog, vulnerable cameras could then be identified using the hardware search engine Shodan. This is the same search engine that has been used to find vulnerable SCADA systems in recent months.

According to the BBC people around the world used this information to start collecting images, and some of these images were also linked to Google Maps to identify the real-world location. The newspaper reported "messages on one forum included: 'Someone caught a guy in denmark (traced to ip) getting naked in the bathroom.' Another said: 'I think this guy is doing sit-ups.'"

TrendNet, a company whose slogan is "Networks People Trust," has acknowledged the vulnerabilities in 26 models of its camera. The company said on Monday in a press release that it was working to provide firmware updates to all affected models.

The company also said it had traced the problem to an update that had been applied in early 2010. The question is how come no one noticed until early 2012?

Update: IF you want to see some vulnerable camera images, Shodan has this webcam browser site available.