Thanks to @TechLOG to pointing me to this article by InfoseI’sland ‘Wireless Security: Wi-Fi Hacking Burglars Get Busted
This is one example of burglary in Seattle using non sophisticated materials to hack into network Wi-Fi of ‘over a dozen businesses along with 41 burglaries’.
Should companies such as TrendNet take their customer’s security more seriously, especially when they are selling security devices?
They are alleged to have stolen at least $750,000 in funds, computer equipment and other items.
No, this is not the Big Brother program, these are not actors, just normal people wanting to be ‘secure’. I can imagine the commercial argument of vendors explaining how wonderfully the tiny little camera could help them keep an eye on their lovely little baby, giving out the statistics about the number of babies dying from apnea blah blah blah….
Yes, apnea is a serious issue and I should not undermine its importance.
Rather disturbing was the news I spread on Twitter this morning about Web surveillance cameras in homes, bedrooms and bathrooms broadcasting live online. A failure of the firmware of the lavished webcam. I asked the BBC journalist, Leo Kellion who reported the incident if he was any surprised so many cameras would have been installed in bedrooms. Obviously, he was not surprised at all. As I mentioned to the journalist, I can understand a marginal need for such surveillance for babies who suffer from apnea, or elderly people, etc… In which case, there is a need for permanent surveillance. I am less sure about the need to broadcast online. @PaulBernalUK had a technical argument for it I cannot comment.
What I wish Kellion could have answered was which other rooms were monitored, apart his mention of the bathroom and if recordings were kept of the footage. I have also Googled the product and nowhere I could find any warning or notification for buyers about the firmware security whole. According to the article, the company could not contact them as rarely buyers would register their product. ~That means the movie is still on? What have they done to notify the data breach?
Here is the BBC report! http://www.bbc.co.uk/news/technology-16919664
What do you think you would do? Do you think the security risk worth the secure surveillance?
How should the Information Commissioner ensure the users to be informed for this failure?
These technologies find their legitimate use in some specific cases such as people with dementia, elderly people or babies with high risk of apnea. Dealing with highly sensitive data, how should they comply with strict regulations?
I don’t think we can reject them in block by prevailing privacy rights to power of technology for the well being.
Thank you to Leo Kelion for passing on more details on what the cameras have been broadcasting.
InformationWeekSecurity reports : “someone posting under the handle “someluser” on the Console Cowboys blog reported finding that while the Trendnet TV-IP110w–SecurView Wireless Internet Camera–he tested could be configured to require passwords, it would also accept anonymous requests. Taking what he learned, he was able to query Shodan–a search engine that can locate specific types of Internet-connected devices, including their IP addresses–and find at least 350 vulnerable devices. All of the cameras could apparently be accessed by appending the same 15-character code snippet to the camera’s IP address.
That finding was picked up last week by the Verge, which reported that following the Console Cowboys post, “links to the compromised feeds spread quickly on message boards like Reddit and 4chan,” while Pastebin posts released shortly thereafter listed links to what they said were 1,000 accessible webcams. Those links reportedly resolved to everything from children’s rooms and cat beds to parking lots and office doors.
The Trendnet research echoes a recent study conducted by HD Moore, who found that numerous videoconferencing systems are misconfigured and poorly secured, which gives attackers the ability to eavesdrop on sensitive communications. “
Ongoing curation of links and information on that subject on my Pearltrees. (click on each pearl to access the link)