Wow - what were they thinking?

Moore and Wardle did catch Dropcam out on SSL -- Dropcam hadn't applied the patch for OpenSSL that fixes the Heartbleed vulnerability, but after it was notified by Synack, the company did it "very quickly," Wardle said.

Obviously they were thing along these lines uttered earlier:

"The Synack folks were not able to remotely compromise any of our cameras -- only ones they had physical access to," wrote spokeswoman Kate Brinks. "This is not a unique problem."