TRENDnet was recently contacted by a firm with claims of vulnerabilities on the TV-IP344PI and the TEW-816DRM. The report does not provide enough detail to identify the exact vulnerabilities claimed. However, while trying to replicate the hacks mentioned in the report, TRENDnet's 3rd party vulnerability testing group discovered that the TV-IP344PI camera may have a potential vulnerability. TRENDnet is working on a patch and it is expected to be available in approximately 1-2 weeks. Updates will be posted on TRENDnet website, and e-mails will be sent to those that registered their products.
As a preventative measure, TRENDnet has stopped shipment and recalled all TEW-816DRM, TV-IP344PI, and TV-IP345PI units. While the TV-IP345PI was not mentioned in the report, the two cameras share the same software. Both of these cameras are relatively new, and less than 100 units have been sold each model. It's also important to note that of all the products that are available, only these three models were affected.
TRENDnet has taken several additional measures to help identify and patch any vulnerabilities before products are released into the market. The reliability of TRENDnet products is something TRENDnet addresses every day, and these types of hacks and vulnerabilities affect the industry as a whole. It is an uphill battle, but TRENDnet will continue to do whatever it can to ensure its products go through vigorous testing to prevent these vulnerabilities in the future.
TRENDnet goes above and beyond the industry standard for vulnerability testing. These steps include, but are not limited to:
- Establishing a testing program to identify and monitor product vulnerability and proper handling of customers’ sensitive information
- Hiring a leading 3rd party product vulnerability testing company to perform product vulnerability and penetration testing, architecture review, and code review for IP cameras and IoT products
- Providing biennial audits for the program (performed by the 3rd party testing company)
TRENDnet has had experience with both amateur and professional hackers in the past, but now TRENDnet has encountered the expertise of one of the highest levels of hacking, ex-NSA agents. TRENDnet is prepared to meet this new challenge, and is determined to improve the process. TRENDnet is working with its 3rd party vulnerability testing group to enhance and improve its testing parameters to meet this higher level.