Anyone using one of these cameras should update the firmware without delay. Many other TRENDnet cameras also appear to be affected – according to someLuser, the firmware for the company's TV-IP121W, TV-IP252P, TV-IP410WN, TV-IP410, TV-IP121WN and TV-IP110WN models has been updated.
TRENDnet has already responded by providing a firmware update promising "improved security", which can be downloaded from its support page. Linksys Connect offers powerful tools for managing your Wi-Fi such as Security settings, Guest access, Parental controls and Advanced settings. Navigating to a camera web server URL displays the video stream recorded by the camera – this occurs whether or not a password has been set. The Linksys Connect software is a step-by-step setup wizard that will have your computer and other networking devices connected wirelessly in minutes. For demonstration purposes, someLuser has put together a Python script which uses server search engine Shodan to find cameras. Random sampling by The H's associates at heise Security found that most of the cameras were indeed freely accessible, providing views of offices, living rooms and children's bedrooms. Lengthy lists of freely accessible video streams are already circulating on the web.
He discovered the vulnerability whilst exploring the firmware on his TV-IP110w camera using a tool called binwalk. Consolecowboys blogger someLuser has identified a security vulnerability in some TRENDnet IP cameras which permits inquisitive web users to access them without authentication.
0 kommentar(er)
