More than 40,000 security cameras worldwide are exposed to the internet, cybersecurity firm Bitsight warns.
Operating over HTTP or RTSP (Real-Time Streaming Protocol), the cameras expose their live feed to anyone knowing their IP addresses, directly from the web browser, which makes them unintended tools for cyberattacks, espionage, extortion, and stalking, the company says.
The HTTP-based cameras rely on standard web technologies for video transmission and control, and are typically found in homes and small offices.
Some of them were found completely exposed to the web, allowing anyone to access their administrative interface and tap into their video feed, while others required authentication, albeit would return screenshots of their live footage if the correct URI and parameters were provided via an implemented API.
RTSP cameras, on the other hand, are optimized for low-latency, continuous video transmission, and are typically used in professional surveillance systems. They are more difficult to fingerprint, but were found responsive to generic URIs, returning screenshots of their live footage.
Of the more than 40,000 cameras exposing their live feed, more than 14,000 are in the US, with Japan ranking second, at roughly 7,000 devices. Austria, Czechia, and South Korea have roughly 2,000 exposed cameras each, while Germany, Italy, and Russia have roughly 1,000 each.
In the US, most of the exposed cameras are in California and Texas, followed by Georgia, New York, and Missouri. Massachusetts and Florida have high concentrations of exposed cameras as well.
In terms of impacted industries, the telecommunications sector is affected the most, accounting for 79% of the exposed cameras.
According to Bitsight, this is because cameras that individuals may use to monitor pets, entrances, or backyards are connected to residential networks and their IPs are associated with the owner’s ISP.
When eliminating this industry, the technology sector emerges as impacted the most, with 28.4% of the exposed cameras, followed by media/entertainment with 19.6%, utilities with 11.9%, business services with 10.7%, and education with 10.6%.
According to Bitsight, threat actors are actively hunting for exposed cameras, with a lot of chatter seen on dark web forums.
Even if some of these devices may not seem like an immediate threat to privacy, they can be ensnared in botnets or used as pivoting points into an organization’s network, and Bitsight found numerous devices in offices, factories, restaurants, hotels, gyms, small shops, and other locations.
To keep these security cameras protected, users should secure their internet connections, replace default credentials, disable remote access if not needed, keep the devices always updated, and monitor them for unusual login attempts.
“If you have a security camera at home or manage surveillance cameras for your company, then taking the right precautions can make the difference between keeping your footage private and unintentionally broadcasting it to the world,” the company notes.
Related: Vulnerabilities Allow Remote Hacking of Inaba Plant Monitoring Cameras
Related: Unpatched Edimax Camera Flaw Exploited Since at Least May 2024
Related: The ‘Worst in Show’ CES Products Put Your Data at Risk and Cause Waste, Privacy Advocates Say
Related: FBI Warns of HiatusRAT Attacks on Cameras, DVR Systems
