TrendNet: A Cautionary Tale?
Hundreds of TrendNet customers found out the hard way that products they purchased, billed as home security cameras, weren’t all that secure. In January 2012, a hacker was able to breach TrendNet’s website, circumvent security credentials and access some 700 live-camera feeds monitoring inside customers' homes. Many of the videos were then disseminated on the Internet, a curious fact by itself in light of the complaint filed by the Federal Trade Commission, which said security flaws in the cameras allowed for the “unauthorized surveillance of infants sleeping in their cribs, young children playing, and adults engaging in typical daily activities.” The online community continues to recover from the trauma of being exposed to such tedium.
But for obvious reasons, customers were unnerved. The FTC wasn't happy either. The oversight committee’s complaint alleging that TrendNet misrepresented its software as secure and failed to adequately protect its customers resulted in a settlement, which was reached last week, according to multiple reports.
The story reached mainstream news. Unsurprisingly, it’s on the alarm monitoring industry’s radar as well, as I discovered in a short conversation with Stephen Doyle, executive vice president and CEO of CSAA. Doyle said he just returned from an Alarm Industry Communications Committee meeting in which 65 industry members were briefed by an industry lawyer on the legal ins and outs of the TrendNet snafu.
In terms of pertinence to the industry, the case seems fringy in some respects, relevant in others. It’s true, after all, that TrendNet cameras are unattached to alarms, and designed specifically for remote monitoring of homes via smartphones and other mobile devices. But it's relevant to the industry insofar as it deals with a few topics in the forefront of people's minds.
One of those topics is the viability and security of do-it-yourself monitoring systems. Another is cloud security, a topic that stands to grow in significance with the spread of IP panels, and as more companies migrate information and services to the cloud. Whether a company’s data becomes more or less secure when it’s transferred to the cloud is a hot-button industry debate with little consensus. Cloud adoption is likely to expand, but that doesn’t mean there won’t be skeptics. Either way, the TrendNet case perhaps intensifies the debate.
At TechSec 2014, Jeremy Brecher, VP of technology, electronic security at Diebold, will tackle some issues in this vein as part of the educational program, while also exploring ways security companies can thrive in an increasingly cloud-based environment.