Target 11 Investigates security flaws in Internet web cams



None - PITTSBURGH -- Chances are your laptop or desktop computer has a camera. You may use it to Skype or monitor your baby.
But did you know that someone may be watching you on your own camera?

It's a frightening scenario that raises questions about safety and security.

With the help of computer security experts at Cranberry-based Tiversa, an Internet security company, Target 11 Investigator Rick Earle was able to easily access dozens of wireless Internet cameras around the world.

That's in Paris, France. It's an individual sitting on the couch watching television. Anyone from anywhere in the world can watch these cameras as long as they have an Internet connection," said Rick Wallace of Tiversa.

Target 11 found the exposed cameras not only in homes, but a doctor's office in Atlanta, a coffee shop in Chattanooga, a conference room in Pittsburgh, and a nursing home in New Mexico. We watched as people walked in and out of the camera's views.

Experts say this wide open access provides potentially valuable information for criminals.

"It's actually counterproductive because you know the times when they are home and away," said Wallace, noting that a thief could use the information to break into a person's home after seeing them leave.

Many of the cameras are being used as baby monitors, and Wallace said they could be a haven for pedophiles.

Target 11 discovered that the problem is unique to a specific make of wireless Internet camera known as Trendnet's SecurView IP cameras sold between April of 2010 and this February.

A security flaw in the the design allows hackers to simply bypass the username and password, giving them complete access to the live feeds.

The company released a statement after becoming aware of the security flaw.

"Trendnet has made, in good faith, every effort to correct this situation and communicate with our customers. We sincerely apologize for this occurrence, and we will work earnestly to regain your trust," said Trendnet President and Ceo Pei Huang.

The company has released a firmware update that corrects the security flaw and secures the connection, but the problem is they have no way of alerting people who have not registered their cameras with the company.

And many are still apparently unaware of the problem.

"We were able to successfully access, in two days time, just fewer than 3,000 cameras," said Wallace, who indicated that the best way to eliminate any problem is to make sure that firmware is always up to date.

For more information on security flaws and what customers can do, visit Trendnet's website.