Imagine you set up a camera to monitor your kids when they get home from school, or your business while you go to lunch. Now imagine that feed that you're able to access on the Internet wasn't secure and that others could view your private feed.
That's what happened to hundreds of consumers that relied on Trendnet's SecurView IP cameras when a hacker publicized a flaw in system that posted links to live feeds of nearly 700 cameras.
Charging the company with lax security and falsely misrepresenting its "SecurView" product as secure and suitable for maintaining security, the Federal Trade Commission Wednesday announced a settlement with Trendnet, which will have to implement a comprehensive security program to protect data and address security risks.
The case is the first FTC enforcement action against a marketer of an everyday product with interconnectivity to the Internet and other mobile devices. Referred to as the "Internet of things," FTC chair Edith Ramirez signaled in March the Internet of things would be one of her top priorities as head of the agency. The FTC scheduled a workshop on the emerging issue for December.
"The Internet of things holds great promise for innovative consumer products and services. But consumer privacy and security must remain a priority as companies develop more devices that connect to the Internet," Ramirez said in a statement.
For the next 20 years, the California-based tech gear company will have to get yearly independent third-party security assessments. It will also have to notify consumers about the problem, and offer free technical support for two years to help people update their systems or uninstall cameras.
In a statement, Trendnet said it took steps to resolve the hack as soon as it found out. "The product hack and the subsequent FTC action was used as an opportunity to improve best practices which support augmented product security for existing and future products," the company said.