US Govt Punishes IP Camera Manufacturer Trendnet

Author: IPVM, Published on Sep 05, 2013

IP camera manufacturer TRENDnet has settled with the FTC after the agency says the company’s advertising, combined with failure to use “reasonable security to design and test its software” resulted in unfair trade practices. Because of security flaws in more than 20 models of TRENDnet cameras, customers’ private camera feeds were available over the Internet  from devices sold to them to secure their homes, according to the FTC. In this note, we review the FTC complaint, the outcome and what the decision means for the industry. 

The Complaint Reviewed

Trendnet's camera line was, as it turns out, ironically branded "SecureView" including a logo on the packaging emphasizing:

According to the FTC complaint, a malfunction in the “Direct Video Stream Authentication,” a setting that controlled user credentials preferences, allowed live feeds to be accessed regardless of a user’s security settings. The feeds were initially made public after hackers exploited the flaw and posted links to “nearly 700 of the cameras” online. “The feeds displayed babies asleep in their cribs, young children playing, and adults going about their daily lives,” says the FTC. 

The FTC also says the company transmitted and stored user login credentials unencrypted, failed to implement a process monitor and assess third-party security reports (delaying the opportunity to fix flaws) and failed to do any type of security review of its software. TRENDnet released a patch shortly after the exploit. 

TRENDnet’s marketing claimed the cameras were “secure” or suitable for maintaining security, says the FTC. On its website, packaging and other advertisements, TRENDnet claimed the cameras could help protect a user’s home, family, property or business. However, because TRENDnet failed to provide security from unauthorized access to live feeds, that “caused, or [was] likely to cause, substantial injury to consumers that is not offset by countervailing benefits to consumers or competition and is not reasonably avoidable by consumers,” said the FTC in the complaint. “This practice was, and is, an unfair act or practice.”  

The Decision Reviewed

On Wednesday, the FTC announced that TRENDnet settled charges that it failed to protect its users' privacy. Although TRENDnet has acknowledged that the flaw was patched, by agreeing to a consent order it is not obligated to admit or deny any of the FTC’s complaints. 

The consent order bars TRENDnet from “misrepresenting the security of its cameras or the security, privacy, confidentiality, or integrity of the information that its cameras or other devices transmit” and “misrepresenting the extent to which a consumer can control the security of information the cameras or other devices store, capture, access, or transmit.” The order covers all advertisements, promotional materials, installation and user guide, packaging, and any materials disseminated by the company. 

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

It also requires the company to establish a detailed program, in writing, to address security risks and secure user information. The company must have a third-party complete periodic assessments to ensure compliance to the order every two years for the next 20 years. The report for each assessment will be delivered to the FTC. All of these documents must be made available to the FTC for inspection upon request for the next five years. 

Revenue

TRENDnet is a relatively modest player in IP camera market -- according to the complaint, the 80-person company did $5.28 million in IP cameras sales in 2011, rising to $7.4 million in 2012. Assuming a low average selling price (say $70), that would mean ~100,00 IP cameras per year, though almost all in the consumer, non VMS space. However, the potential impact this decision has on the industry is big. 

Impact on Other Manufacturers

In the last few years, the FTC has made an effort to crack down on tech manufacturers who commit privacy violations, but companies producing security technology may get more of the brunt than an app designer that reveals social media data without permission. This case should be an eye-opener for camera manufacturers who make claims about increasing safety or preventing harm. If a company is claiming their cameras can keep a person, place or thing safe, and those cameras have an issue that could negate that safety or potentially cause harm to the user, then that is an unfair trade practice, according to the FTC in this decision. Manufacturers should be more cautious about the claims they’re making and the vulnerabilities they may have. The FTC has demonstrated that they will take action.

This is all the more interesting given that the physical security industry has been historically lax in implementing information security (rampant default password use, ongoing security issues).

1 report cite this report:

Hikvision (Stops) Lying About Ezviz Security on Mar 18, 2016
Hikvision promoted the security of their directly sold Ezviz consumer line to Americans in a March 9, 2016 release. False It featured this false...
Comments (2): PRO Members only. Login. or Join.

Related Reports on Privacy

Hitachi Taking On Security Industry on Feb 09, 2017
Hitachi, bigger than Sony and Panasonic overall, with $89 billion USD 2016 total revenue, is expanding into the security industry. They are...
Axis Partner Elder Care Video Analytics (Smartervision) on Dec 07, 2016
Can video analytics be used to improve the care of the elderly? Axis and a video analytics startup, Smartervision, are working together to do so....
Silicon Valley Startup Density Launches People Counting As A Service on Aug 09, 2016
A Silicon Valley startup says their people counting sensor is so accurate it's free, just pay for the data. They recently raised $4M from a top VC...
Americans Vastly Underestimate Being Recorded on CCTV on May 24, 2016
Americans vastly underestimate how often they are recorded on CCTV, by a factor of ~10x, based on a Google Consumer Survey study that IPVM recently...
Man Fights Crime With 21 Hikvision Cameras on Apr 08, 2016
Hero or lunatic? One man has taken the fight against crime into his own hands. His special power is CCTV and he is not afraid to use it. But many...
Surveillance Commissioning / Install Checklist on Feb 08, 2016
This 60+ point checklist helps end users, integrators and consultants verify that installation is complete. It covers the following...
Hikvision and the China Communist Party on Jan 12, 2016
Just days after getting $3 billion financing from the Chinese government, Hikvision celebrated opening their own Communist Party company committee....
Hospital Video Surveillance Guide on Jul 28, 2015
This 16-page guide explains the key uses, design factors, and players in the Hospital Surveillance market.   A global group of 50 integrators and...
School Video Surveillance Guide on May 26, 2015
This 13-page in-depth guide explains the key uses, drivers, factors and players in K-12 school video surveillance systems. A global group of 80...
German Anti-Surveillance Campaign Coming to US on Apr 15, 2014
The German Pirate Party recently created an anti surveillance campaign that focuses on the security (or lack of) that cameras provide people. The...

Most Recent Industry Reports

Simplisafe is 'Blowing The Doors Off' on Feb 17, 2017
The company alarm dealers love to hate, Simplisafe, is 'blowing the doors off' according to Michael Barnes, one of the top financial advisors in...
Hikvision OEM DDNS Devices To 'Lose Remote Access' on Feb 17, 2017
The fallout of Hikvision's DDNS discontinuation is expanding, this time hitting OEM partner Supercircuits, who reports that on June 30th: The...
Milestone: "Easy Money Days Are Over" on Feb 17, 2017
Contrary to IPVM's criticisms, Milestone has reaffirmed that glory days remain. But they admit that they 'easy money days are over': Are the...
Directory of Alarm Panel Manufacturers on Feb 16, 2017
Alarm panels are the central controller of intrusion systems. The following is a list of manufacturers of alarm panels. This directory only covers...
Panasonic Favorability Results on Feb 16, 2017
Panasonic is one of the largest brands in the world and a long term provider of both video surveillance imagers and cameras. But, like all...
China Huawei Gives France Free City Surveillance on Feb 16, 2017
China is using its financial resources again, this time in France, just a month after the Chinese government funded a $100 million security /...
Hikvision Silicon Valley and Canada R&D Expansion on Feb 15, 2017
After massive growth in their sales team, Hikvision is now planning to add two new R&D centers in North America. In this report we examine...
Directory Of Wholesale Central Station Monitoring Providers on Feb 15, 2017
Wholesale central stations help smaller and local dealers providing monitoring to their customers. Dozens of options exist.  Below is the first...
Bosch/Genetec Video Cybersecurity Partnership Examined (CHAVE) on Feb 15, 2017
Surveillance products have been relatively weak when it comes to cyber security. Default passwords, open ports, and weak authentication mechanisms...
Security Alarm Industry Trends - Barnes on Feb 14, 2017
This is a review of key security alarm industry trends, taken from Michael Barnes' presentation at the 2017 Barnes Buchanan conference. Key trends...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact