A big red "critical update patch" banner showing on the TRENDnet site already, nice to see.

There's a googledoc floating around with a big list of urls for these things. It includes significantly more than the 350 devices he mentions iirc.

All is public, since doesn't have password. I took a pastebin list, a free geolocation API, and I made this to play: http://big-brotha.appspot.com/static/index.html

+1 for effort, but this is really very unethical. Literally all those cameras are broadcasting without their owner's permission

Yes, I disabled the application now. But it took me 2 hours to put it online and it was really easy. People must stop the surveillance of all other people, I think.

This is why you put your permission checks on the resource itself, not on the link to the resource (well, in addition to, really).

Trendnet appears to be in compliance with its GPL obligations (at first glance.) It should be possible for anyone to develop a patch for the camera.

That assumes that 1) the device doesn't require signed blobs, which would prevent you from putting your own code on it (easily), and 2) that their own components are open source, thus patchable without wrapping the service or patching the binaries.

Which is nice but we shouldn't need to patch appliances to be able to use their basic functions in at least somewhat secure manner.

And programs should never have bugs, and car accidents should never happen.

Sometimes sh*t happens. It's all about how you deal with it.

I have one of these cameras, specifically, the TV-IP422W. Great to see TRENDnet pushing an update so fast.

Saw this on Reddit weeks ago (maybe a month+?). Glad to see the matter has finally been addressed.

This seems very illegal (looking through someone elses camera)

Why should this be any more illegal than looking at someone elses website?

If looking at someone's website was like looking at someone's house, this would be like trying people's front doors and coming in if they were unlocked.