Years later, some security cameras are still open to hackers
WASHINGTON — Several widely available security cameras and wireless routers can be easily hacked to reveal customers’ video feeds online, researchers disclosed Wednesday, reigniting privacy concerns four years after the Federal Trade Commission filed charges to eliminate similar vulnerabilities.
A Maryland-based cybersecurity startup called ReFirm said it discovered the flaws in internetconnected products sold in the United States by manufacturers TRENDnet, Belkin and Dahau.
The researchers said they were able exploit weaknesses in the gear to access video feeds freely available on the Internet from people’s security cameras. Their report shows images of what appear to be live video feeds of a playground, a department store, a solar farm, an industrial control system and what appears to be the entrance to a person’s home.
The cybersecurity firm alleged that the cameras made by Dahau, a Chinese manufacturer, contain what appears to be a hard-coded “backdoor” to let outsiders gain access to the feeds.
Other vulnerabilities were found in Belkin wireless routers and cameras made by TRENDnet, which in 2013 settled FTC allegations that it failed to adequately protect consumer privacy. The settlement contained no admission of wrongdoing.
ReFirm said it shared its findings with the companies before releasing its report publicly. Dahau did not respond to requests for comment. TREND- net said in a statement the company “takes consumer privacy and security very seriously.”
TREND net’ s internetconnected cameras are all “tested by both an internal audit team, and a leading 3rd party security group,” the company said in a statement. “TRENDnet is currently reviewing the report to validate the vulnerability claims; we will release a patch soon for any confirmed vulnerabilities .”
Belkin said it has already taken action to addresss the weaknesses.
Cybersecurity profes- sionals have warned for years that the so-called “internet of things” — everyday objects that can be controlled through the internet — present potential safety and privacy concerns for consumers.
“This is a problem that is often endemic to the ‘internet of things,’ ” said Justin Brookman, director of consumer privacy and technology policy at Consumers Union, an advocacy group. “Companies connect things to the internet and it isn’t until later that they stop to think ‘how could this go badly?’ ”
There have been no reports that the cameras have been exploited by malicious hackers. In its report, Re Firm documents how it was able to gain access to a security camera made by TRENDnet by searching for weaknesses in its firmware.
Re Firm researchers said they found a vulnerability that lets anyone gain access to a TRENDnet camera by typing 12 specified characters into a web browser, followed by the internet address of the video camera, which can be found relatively easily online.