Security cameras that are supposed to protect users from dangers are actually putting users at risk, security experts warn. Forty thousand exposed internet-connected cameras have been discovered, 14,000 in the US alone.
Thousands of cameras stream online without passwords or other protections, and can be accessed by anyone, according to a report by BitSight, an American cybersecurity ratings company.
Attackers need only the right IP address and browser to spy on homes and even large companies. Finding IPs is easy because IoT search engines constantly probe the internet and flag all the exposed services.
“These cameras – intended for security or convenience – have inadvertently become public windows into sensitive spaces, often without their owners’ knowledge,” the report reads.
BitSight says the United States leads the charge with roughly 14,000 exposed online cameras, followed by Japan (7,000), Austria (2,000), Czechia (2,000), and South Korea (2,000). The distribution across the states reveals that California and Texas have the most exposed cameras.
“Not all online cameras are bad: some people stream beaches or birdhouses on purpose,” the researchers noted.
However, these are rare cases. The report included snapshots of a house's entry and an exposed data center room. Researchers say that often exposed devices are residential cameras, office cameras that expose whiteboards and screens with confidential information, factory cameras that may reveal manufacturing secrets, and even public transport cameras streaming passengers.
Some of the exposed cameras are monitoring ATMs, patients in hospitals
The telecommunications sector accounts for the majority of exposed cameras.
“Anyone with access to a camera inside an organization’s facilities could gather invaluable intelligence and use it to their advantage,” the researchers warn.
The report warns that even when some cameras require a password to access the management panel, their API openly exposes the video stream, which can be accessed by crafting a specific URL, depending on the camera manufacturer.
On dark web forums, cybercriminals openly discuss tools and practices for finding and abusing such cameras, and even sell access.
BitSight urges users to check if their cameras are accessible from the internet.
“Change default usernames and passwords. Many cameras come with weak or publicly known default credentials. Set a strong, unique password, the researchers said.” Disable remote access if you do not need it. If you only use your camera on your home network, there is no reason to allow outside connections.”
Keeping firmware up to date will help plug the security vulnerabilities that are being discovered regularly.
Your email address will not be published. Required fields are markedmarked