Security researchers have discovered over 40,000 security cameras around the world that are exposed to the internet and can be accessed remotely by unauthorised intruders. Roughly 14,000 of these cameras are in the US, followed by Japan, coming in at 7,000.
The cameras were spotted by researchers from cybersec firm Bitsight, who claim that most of these unprotected cameras are from the telecom sector, at around 79%, followed by tech, which is 28.4%. Then we have media at 19.6%, utilities at 11.9%, business services at 10.7%, and education at 10.6%.
These are HTTP- or RTSP-based cameras that can be accessed via a specific link that includes the IP address and port number of the camera. HTTP cameras are more prone to unauthorised access, but identifying them can be difficult, especially considering the number of different models and vendors available in the market. The exposure is usually caused by improper configuration, and researchers recommend disabling remote access altogether on security cameras unless required.

Regardless, the researchers analysed popular brands to create an identification method that uses favicon hashes, HTTP headers, and HTML titles to get into vulnerable cameras. Even if a camera appears to be protected, it can be accessed provided the intruders know the right URL, effectively bypassing any authentication measures put in place.
Researchers found little success with RTSP cameras, as they don’t have identifiers like favicon hashes and HTML titles. However, testing common RTSP URLs like /live.sdp or /video.h264 with tools like FFmpeg did have some success.
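For owners checking their own exposure, the same signals (HTTP headers, HTML titles, open RTSP ports) can be applied to the results of an external scan of their own address space. The sketch below is an added example, not code from Bitsight's report; the fingerprint strings, the `Probe` record layout and the sample records are constructed assumptions.

```python
from dataclasses import dataclass

# Hypothetical fingerprints (assumptions); build real ones from your own asset inventory.
TITLE_HINTS = ("network camera", "ip camera")
SERVER_HINTS = ("examplecam-httpd",)
MEDIA_TYPES = ("image/jpeg", "multipart/x-mixed-replace", "video/", "application/sdp")
RTSP_PORT = 554

@dataclass
class Probe:
    """One response to a request sent WITHOUT credentials from outside the network."""
    host: str
    port: int
    path: str
    status: int
    server: str = ""
    title: str = ""
    content_type: str = ""

def looks_like_camera(p: Probe) -> bool:
    return (any(h in p.title.lower() for h in TITLE_HINTS)
            or any(h in p.server.lower() for h in SERVER_HINTS))

def audit(probes):
    """Map each camera-like host to its findings, HIGH before LOW."""
    cameras = {p.host for p in probes if looks_like_camera(p)}
    findings = {}
    for p in probes:
        # RTSP services carry no title or favicon, so the port alone makes a candidate.
        if p.host not in cameras and p.port != RTSP_PORT:
            continue
        if p.status == 200 and p.content_type.lower().startswith(MEDIA_TYPES):
            # The login page may be protected, yet this path answers without credentials.
            note = f"HIGH unauthenticated media on port {p.port} path {p.path}"
        else:
            note = f"LOW camera reachable from internet on port {p.port} path {p.path}"
        findings.setdefault(p.host, []).append(note)
    return {host: sorted(notes) for host, notes in findings.items()}

SAMPLE = [  # constructed records using documentation address ranges
    Probe("192.0.2.10", 80, "/", 200, "ExampleCam-httpd/1.2", "Network Camera Login", "text/html"),
    Probe("192.0.2.10", 80, "/snapshot.jpg", 200, "ExampleCam-httpd/1.2", "", "image/jpeg"),
    Probe("192.0.2.20", 554, "/live.sdp", 200, content_type="application/sdp"),
    Probe("192.0.2.30", 443, "/", 200, "nginx", "Company Intranet", "text/html"),
]

if __name__ == "__main__":
    for host, notes in audit(SAMPLE).items():
        print(host, *notes, sep="\n  ")
```

A HIGH finding means the device should be taken off the internet or have authentication enforced on every path, not only the login page; a LOW finding still contradicts the recommendation to disable remote access unless it is required.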
These cameras often connect to residential networks and are a big risk to the owner’s privacy and safety as they give outsiders access to live footage being captured in homes, offices, stores, factories, and even more sensitive areas like ATMs, hospitals, or data centers. Exposed feeds in Bitsight’s report include private residences, retail shops, public transport, and hospital patient areas.