Many poorly configured security cameras are exposed to hacktivists in Israel and Palestine, placing the owners using them and the people around them at substantial risk.
After the Hamas attacks on Israel, the cyber war has also started between both sides and their supporters. Hacktivists have already targeted SCADA and ICS systems in Israel and Palestine, and other exposed systems are their next potential target.
The Cybernews research team has found at least 165 exposed internet-connected RTSP cameras in Israel and 29 exposed RTSP cameras in Palestine, which are open and accessible to anyone. Many more could be vulnerable.
RTSP stands for real-time streaming protocol. While this communication system is useful for transferring real-time data, it offers neither encryption nor lockout mechanisms against password-guessing.
“Only basic skills are needed for a bad actor to find a camera and brute-force login credentials, as well-known software tools and basic tutorials have long been in the wild. Exposed RTSP cameras can pose several risks and dangers in a cyberwar scenario,” researchers warn.
There are at least 37 exposed RTSP cameras in Tel Aviv, 16 in Potah Tiqva, and 13 in Rishon LeZion.
In Palestine, most of the exposed cameras are in the West Bank, which may be related to Israel’s electricity blockade in the Gaza strip.
Militants may watch and exploit vulnerable cameras
The first and most significant risk of exposed IP cameras is hackers gaining access. This would allow them to view live feeds and record footage, which could be used for surveillance, reconnaissance, or gathering sensitive information.
“Exposed cameras can invade people's privacy if they are located in private or sensitive areas. Personal information, daily routines, or confidential conversations may be recorded and misused. This information could be used for intelligence gathering, espionage, or blackmail,” researchers write.
While individuals are at risk, it’s organizations or even government facilities that cyber adversaries are mainly interested in. Access to their RTSP cameras may provide a foothold for attackers to penetrate the network that the cameras are connected to. Once inside the network, they could move laterally to compromise other systems or steal data.
“Attackers might manipulate camera feeds to show misleading information, creating confusion or panic. For example, altering security camera footage to hide a break-in or to make it appear as if an event occurred when it did not,” researchers warn.
Also, like any other smart device, exposed cameras could be exploited by cybercriminals building botnets for denial of service (DDoS) attacks or any other malicious activities.
Therefore, the owners of exposed devices carry the responsibility not only for their own security but also for protecting the community.
Hide cameras with encrypted protocols and strong credentials
Separation and encryption, along with solid credentials, are the strategies that Cybernews researchers recommend to secure RTSP cameras.
In the best case, all security or other IP cameras should be connected to a separate protected subnet with end-to-end encryption, or WPA2 (Wi-Fi Protected Access 2), if the network is wireless.
- Use encryption mechanisms to secure communications between the camera and the viewing client. A virtual private network (VPN) for remote access is preferred.
- Ensure that RTSP cameras require solid and unique passwords for access. Using default or weak passwords is a common mistake that can easily lead to unauthorized access.
- Keep camera firmware up to date to address security vulnerabilities and improve overall system security.
- Implement access controls to limit who can view the camera feeds. This could involve using IP whitelisting or a VPN for remote access.
- Consider moving to protocols that provide encryption such as HTTPS.
“The significance of exposed RTSP cameras extends beyond technical vulnerabilities, touching on fundamental principles of privacy, security, ethics, and trust. Addressing this issue is essential not only for protecting digital assets but also for upholding the rights and values that underpin modern society,” researchers concluded.
You can read Cybernews’ research on exposed RTSP cameras worldwide for more details about the risks.
More from Cybernews:
Subsribe to our newsletter