Did you set up a web cam to check on your home while you're away, or to keep an eye on your kids? You may not be the only one watching that video feed.

Network hardware vendor Trendnet admitted yesterday that a firmware flaw could turn almost two dozen models of safety cameras into spy cameras for anybody to view. The company is rushing out firmware fixes for all the affected lines. Check the list—if you have one of the problem camera models, turn it off right now.

What exactly happened here? In early January a blog called Console Cowboys reported an interesting discovery about Trendnet's security cameras. While the video feed was nominally password-protected, this blogger found that appending a specific code to the camera's IP address bypassed the password requirement, throwing the video feed wide open.

The Threat Is Real

The Console Cowboys post offers detailed instructions for finding and hacking Trendnet cameras. Just to confirm that the threat is real, I followed the instructions. I searched the Shodan website for the realm "netcam" and checked the first ten IP addresses that turned up. Four were non-existent or offline. The rest asked for a username and password. I canceled the password request and appended the special code to the IP in the address bar.

Four sites simply returned "404 not found," but the other two gave me access to live video feed from webcams. One was a busy office with a timestamp two hours ahead of Pacific Time. A quick IP-address lookup identified its location as Nashville. From the other cam I got a view of a thermometer in Minneapolis somewhere. So, in my quick sample of ten possible addresses, two represented active cameras with unprotected video feeds.

Protect Yourself

If indeed your home has one of the problem cameras installed, surf to Trendnet's download page and see if new firmware for your particular camera is available. The company hopes to have updates for all models within a day or two. Don't turn it back on until you've obtained the update for your camera.