Over 40,000 Internet-Connected Cameras Exposed, Streaming Live Online
Bitsight TRACE has uncovered more than 40,000 security cameras openly accessible on the internet—streaming live footage from homes, offices, factories, and even sensitive datacenter rooms.
This widespread exposure, which Bitsight first flagged in 2023, shows no sign of improvement, leaving millions potentially vulnerable to unwitting surveillance, industrial espionage, and privacy invasion by anyone with a web browser and basic technical know-how.
Technical Background and Methodology
Bitsight TRACE’s latest research scanned the entire internet for HTTP-based and RTSP-based camera feeds.
HTTP (HyperText Transfer Protocol) is the foundation of data communication for the web, while RTSP (Real-Time Streaming Protocol) is used specifically for streaming media.
Both protocols are commonly supported by surveillance cameras for remote monitoring.

A simplified example of how such scanning is performed (using common command-line tools on Linux):
```bash
# Example: Scanning for open RTSP cameras using nmap
nmap -p 554 --script rtsp-url-brute <target>
# Checking for an HTTP response from a single host
curl -v http://<ip>:<port>/index.html
```
Such scans are typically performed using automated tools like nmap, Shodan, or custom-built crawlers that probe for default paths and ports used by cameras (such as /live.sdp, /cam/realmonitor, or port 80/554).
- Total exposed cameras: 40,000+
- Leading countries: United States (~14,000), Japan, Austria, Czechia, South Korea
- Protocols: HTTP, RTSP
- Access requirements: None (no authentication, or default credentials left unchanged)
Risks, Exploitation, and Real-World Impact
Accessing these cameras requires no sophisticated hacking. In many cases, a simple web browser is all that’s needed.
Bad actors are actively discussing and selling access to exposed feeds on dark web forums. Here’s a sample of what a typical “camera for sale” listing might look like (fictionalized for security):
- Credential Stuffing: Attackers use lists of default usernames/passwords (admin/admin, root/12345) to gain access.
- Direct HTTP/RTSP Access: Cameras are often left with exposed streams, accessible via URLs like rtsp://<camera-ip>:554/live.sdp
- Automated Scanners: Tools like Shodan or custom scripts constantly scan the internet for vulnerable devices.
Brand | Default Username | Default Password |
---|---|---|
D-Link | admin | (blank) |
Hikvision | admin | 12345 |
TP-Link | admin | admin |
Dahua | admin | admin |
- Residential: Live footage of living rooms, bedrooms, front doors.
- Commercial: Whiteboards with confidential information, sensitive meetings, proprietary processes.
- Industrial: Manufacturing secrets, inventory, critical infrastructure.
- Public: Transportation cameras, hospital waiting rooms.
Recommendations for Camera Owners and Operators
- Check Exposure: Try accessing your camera from a device outside your home network. If you can view the feed without logging in, your camera is exposed.
- Change Default Credentials: Immediately change default usernames and passwords to strong, unique combinations.
- Disable Remote Access: If you don’t need remote viewing, turn off internet access for your camera.
- Update Firmware: Regularly check for and install firmware updates from the manufacturer.
Organizations
- Use Firewalls and VPNs: Restrict camera access to internal networks or use VPNs for secure remote access.
- Monitor Access: Set up alerts for unusual login attempts or access from unexpected locations.
- Regular Audits: Periodically scan your network for exposed devices using tools like nmap or vulnerability scanners.
Sample Bash Script for Network Camera Audit
This script checks a local subnet for HTTP devices with “camera” in their response, which can help identify exposed cameras on your network.
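An added example of such an audit, written for this page rather than taken from the article or from Bitsight. The function names `classify_response` and `audit_subnet`, the file name `camera_audit.sh`, and the /24 prefix argument are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit a /24 that you administer for HTTP devices whose
# response mentions "camera". classify_response and audit_subnet are
# names assumed for this example, not part of any tool.

# classify_response STATUS TEXT -> exposed | auth-required | review | not-camera
classify_response() {
    status=$1
    text=$2
    if ! printf '%s' "$text" | grep -qi 'camera'; then
        echo not-camera
    elif [ "$status" = 200 ]; then
        echo exposed          # served content with no login at all
    elif [ "$status" = 401 ] || [ "$status" = 403 ]; then
        echo auth-required    # still verify the password is not a default
    else
        echo review           # e.g. a redirect to a login page
    fi
}

# audit_subnet PREFIX [PORT], e.g. audit_subnet 192.168.1 80
audit_subnet() {
    prefix=$1
    port=${2:-80}
    host=1
    while [ "$host" -le 254 ]; do
        # -i keeps headers (Server, WWW-Authenticate) in the inspected text
        resp=$(curl -s -i -m 2 "http://$prefix.$host:$port/" 2>/dev/null) || resp=
        if [ -n "$resp" ]; then
            status=$(printf '%s\n' "$resp" | sed -n '1s/^HTTP\/[0-9.]* \([0-9]*\).*/\1/p')
            verdict=$(classify_response "$status" "$resp")
            [ "$verdict" = not-camera ] || echo "$prefix.$host:$port $verdict"
        fi
        host=$((host + 1))
    done
}

# Scan only when a prefix is given: sh camera_audit.sh 192.168.1 [port]
if [ "$#" -ge 1 ]; then
    audit_subnet "$@"
fi
```

Each `exposed` line is a device that returned camera content without asking for a login; `auth-required` devices should still be checked against the default credentials listed above.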
As surveillance technology becomes more accessible and easier to deploy, the risks of misconfiguration and cyber exposure grow exponentially.
Bitsight TRACE’s findings, documented in their report “Big Brother Is Watching (And So Is Everyone Else)”, paint a stark picture: security cameras intended to protect us are, in many cases, doing the opposite.
To stay ahead of this threat, camera owners and operators must take proactive steps.
Change default passwords, disable unnecessary remote access, keep firmware updated, and monitor for suspicious activity. For organizations, enforce strict access controls via firewalls and VPNs, and regularly audit your network for vulnerabilities.
With over 40,000 cameras exposed globally, and likely many more undetected, now is the time to act.
The privacy and security of homes, businesses, and public spaces depend on it. For more detailed findings and actionable intel, visit the Bitsight portal and consult their Open Ports risk vector section.