US Govt Punishes IP Camera Manufacturer Trendnet

Author: IPVM, Published on Sep 05, 2013

IP camera manufacturer TRENDnet has settled with the FTC after the agency says the company’s advertising, combined with failure to use “reasonable security to design and test its software” resulted in unfair trade practices. Because of security flaws in more than 20 models of TRENDnet cameras, customers’ private camera feeds were available over the Internet  from devices sold to them to secure their homes, according to the FTC. In this note, we review the FTC complaint, the outcome and what the decision means for the industry. 

The Complaint Reviewed

Trendnet's camera line was, as it turns out, ironically branded "SecureView" including a logo on the packaging emphasizing:

According to the FTC complaint, a malfunction in the “Direct Video Stream Authentication,” a setting that controlled user credentials preferences, allowed live feeds to be accessed regardless of a user’s security settings. The feeds were initially made public after hackers exploited the flaw and posted links to “nearly 700 of the cameras” online. “The feeds displayed babies asleep in their cribs, young children playing, and adults going about their daily lives,” says the FTC. 

The FTC also says the company transmitted and stored user login credentials unencrypted, failed to implement a process monitor and assess third-party security reports (delaying the opportunity to fix flaws) and failed to do any type of security review of its software. TRENDnet released a patch shortly after the exploit. 

TRENDnet’s marketing claimed the cameras were “secure” or suitable for maintaining security, says the FTC. On its website, packaging and other advertisements, TRENDnet claimed the cameras could help protect a user’s home, family, property or business. However, because TRENDnet failed to provide security from unauthorized access to live feeds, that “caused, or [was] likely to cause, substantial injury to consumers that is not offset by countervailing benefits to consumers or competition and is not reasonably avoidable by consumers,” said the FTC in the complaint. “This practice was, and is, an unfair act or practice.”  

The Decision Reviewed

On Wednesday, the FTC announced that TRENDnet settled charges that it failed to protect its users' privacy. Although TRENDnet has acknowledged that the flaw was patched, by agreeing to a consent order it is not obligated to admit or deny any of the FTC’s complaints. 

The consent order bars TRENDnet from “misrepresenting the security of its cameras or the security, privacy, confidentiality, or integrity of the information that its cameras or other devices transmit” and “misrepresenting the extent to which a consumer can control the security of information the cameras or other devices store, capture, access, or transmit.” The order covers all advertisements, promotional materials, installation and user guide, packaging, and any materials disseminated by the company. 

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

It also requires the company to establish a detailed program, in writing, to address security risks and secure user information. The company must have a third-party complete periodic assessments to ensure compliance to the order every two years for the next 20 years. The report for each assessment will be delivered to the FTC. All of these documents must be made available to the FTC for inspection upon request for the next five years. 

Revenue

TRENDnet is a relatively modest player in IP camera market -- according to the complaint, the 80-person company did $5.28 million in IP cameras sales in 2011, rising to $7.4 million in 2012. Assuming a low average selling price (say $70), that would mean ~100,00 IP cameras per year, though almost all in the consumer, non VMS space. However, the potential impact this decision has on the industry is big. 

Impact on Other Manufacturers

In the last few years, the FTC has made an effort to crack down on tech manufacturers who commit privacy violations, but companies producing security technology may get more of the brunt than an app designer that reveals social media data without permission. This case should be an eye-opener for camera manufacturers who make claims about increasing safety or preventing harm. If a company is claiming their cameras can keep a person, place or thing safe, and those cameras have an issue that could negate that safety or potentially cause harm to the user, then that is an unfair trade practice, according to the FTC in this decision. Manufacturers should be more cautious about the claims they’re making and the vulnerabilities they may have. The FTC has demonstrated that they will take action.

This is all the more interesting given that the physical security industry has been historically lax in implementing information security (rampant default password use, ongoing security issues).

1 report cite this report:

Hikvision (Stops) Lying About Ezviz Security on Mar 18, 2016
Hikvision promoted the security of their directly sold Ezviz consumer line to Americans in a March 9, 2016 release. False It featured this false...
Comments (2): PRO Members only. Login. or Join.

Related Reports on Privacy

Axis Partner Elder Care Video Analytics (Smartervision) on Dec 07, 2016
Can video analytics be used to improve the care of the elderly? Axis and a video analytics startup, Smartervision, are working together to do so....
Silicon Valley Startup Density Launches People Counting As A Service on Aug 09, 2016
A Silicon Valley startup says their people counting sensor is so accurate it's free, just pay for the data. They recently raised $4M from a top VC...
Americans Vastly Underestimate Being Recorded on CCTV on May 24, 2016
Americans vastly underestimate how often they are recorded on CCTV, by a factor of ~10x, based on a Google Consumer Survey study that IPVM recently...
Man Fights Crime With 21 Hikvision Cameras on Apr 08, 2016
Hero or lunatic? One man has taken the fight against crime into his own hands. His special power is CCTV and he is not afraid to use it. But many...
Surveillance Commissioning / Install Checklist on Feb 08, 2016
This 60+ point checklist helps end users, integrators and consultants verify that installation is complete. It covers the following...
Hikvision and the China Communist Party on Jan 12, 2016
Just days after getting $3 billion financing from the Chinese government, Hikvision celebrated opening their own Communist Party company committee....
Hospital Video Surveillance Guide on Jul 28, 2015
This 16-page guide explains the key uses, design factors, and players in the Hospital Surveillance market.   A global group of 50 integrators and...
School Video Surveillance Guide on May 26, 2015
This 13-page in-depth guide explains the key uses, drivers, factors and players in K-12 school video surveillance systems. A global group of 80...
German Anti-Surveillance Campaign Coming to US on Apr 15, 2014
The German Pirate Party recently created an anti surveillance campaign that focuses on the security (or lack of) that cameras provide people. The...
How Upskirt Surveillance Videos Can Be Legal on Apr 01, 2014
After a man was caught taking upskirt videos of women on a Boston metro route the state supreme court dismissed the case. In this note, we review...

Most Recent Industry Reports

2Gig Expands Into Commercial Intrusion With Vario on Jan 23, 2017
2GIG, an alarm product manufacturer best known for their wireless products, has introduced a new line of wired panels aimed at the commercial...
Integrator Service Vehicle Guide on Jan 23, 2017
Few assets are as commonly used by integrators and installers as their service vehicles. 125 integrators explained to IPVM in detail about their...
Goodbye Samsung, Hello Wisenet X on Jan 23, 2017
Samsung is gone but Hanwha is back. Their latest generation Wisenet X, touts a slew of new high end features including H.265, WiseStream II,...
Vivotek Favorability Results on Jan 20, 2017
Financially, Vivotek is doing relatively well. The company did ~$130 million in 2015 revenue and 2016 revenue (through Q3 reported) was up more...
PR Firm Pleads Don't Scrap PR Spending on Jan 20, 2017
PR is not dying, warns pleads PR firm. Take 40+ year old industry PR firm LRG, who recently lamented the 'misconceptions' that: Traditional PR...
Getting Started With Your IPVM Membership on Jan 20, 2017
Here's how to get started and get the most out of your IPVM membership. Books for Members All members can download the 3 member-only books below...
Jim Cramer Sucks Up To Knightscope on Jan 19, 2017
Credit must be given to Knightscope. They are raising money right now and despite their $80 million pre-money valuation against a lowly sub $1...
ADT Launches Canopy - Professional Monitoring For DIY Devices on Jan 19, 2017
The intrusion industry has criticized DIY security systems for years, claiming systems like Canary or Scout cannot match professionally installed...
Dahua UnFavorability Results on Jan 19, 2017
Dahua, the mega-Chinese surveillance manufacturer not primarily owned by the Chinese government has been trying to break out of the shadow of...
Paxton Hosted Access - Disruptive Low Dealer Pricing on Jan 19, 2017
Paxton is entering the hosted access game, with BLU, at a cost that is a fraction of key competitors. The different approach could be very...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact