The Federal Trade Commission said Wednesday it had settled the agency's first legal action against a marketer of the "Internet of Things," in this case the thing was an unsecure video feed that anyone could access.
According to the FTC, TRENDnet marketed SecurView cameras for home security and baby monitoring as "secure" when in fact its lax security practices allowed the video to be hacked and posted on the Internet.
"[T]he cameras had faulty software that left them open to online viewing, and in some instances listening, by anyone with the cameras' Internet address," the FTC said.
"The Internet of Things holds great promise for innovative consumer products and services. But consumer privacy and security must remain a priority as companies develop more devices that connect to the Internet," FTC Chairwoman Edith Ramirez said in a statement.
According to the complaint, in January 2012, a hacker exploited and publicized a flaw in the company's security and eventually live feeds of nearly 700 cameras were made public. The FCC said they showed "babies asleep in their cribs, young children playing, and adults going about their daily lives." It did not say just what those adults were caught doing.
It said TRENDnet, after it learned of the breach, did upload a software patch and sought to alert customers of the need to update their cameras.
The FTC could only go after the company because of the claim it made that the cameras were secure when they were not, so the resolution of the FTC complaint is not that the cameras have to be secure, but that the company can not misrepresent "the security of its cameras or the security, privacy, confidentiality, or integrity of the information that its cameras or other devices transmit" or "the extent to which a consumer can control the security of information the cameras or other devices store, capture, access, or transmit."
The commission vote was 4-0.