Ddos 
In its newly released report, Bitsight reveals that more than 40,000 internet-connected security cameras across the globe are completely exposed, streaming live footage without user consent, authentication, or even basic security measures.
“Most times, all that an attacker needs to spy on homes or even large organizations is just a web browser and the right IP address,” the report warns.
By leveraging their Groma internet scanning infrastructure, Bitsight researchers identified live camera feeds streaming from offices, factories, hospitals, homes, and even inside public transportation vehicles. The exposed devices were discovered across more than 100 countries, with the United States (~14k) and Japan (~7k) topping the list of exposures.
These weren’t obscure or obsolete devices. Many belonged to common manufacturers offering plug-and-play features — but prioritizing convenience over cybersecurity.
“An open camera means zero privacy. Whether it’s a baby monitor, a home security camera, or a pet cam, someone out there could be watching and you’d have no idea,” the report warns.
The report showcases the dangerous ubiquity of these exposed cameras:
- Homes and residential areas, where attackers can monitor family routines.
- Retail stores, revealing cash registers and safe locations.
- Factories, exposing proprietary manufacturing processes.
- Data centers, risking exposure of sensitive infrastructure.
- Hospital rooms, where even patient beds were caught on live footage.
One particularly alarming discovery: a camera monitoring an ATM, where “fraudsters would not even need to install their own hidden camera” to capture users’ PINs.
Bitsight’s researchers avoided any intrusive techniques, yet still accessed screenshots by leveraging known endpoints like /out.jpg or common RTSP paths such as /live.sdp and /video.h264.
“Et voilà! Even though the camera seemed to be protected, hitting the right URI allowed us to fetch a live screenshot from the device with no authentication required,” the report notes.
This lack of security not only breaches privacy but can also turn these devices into botnet soldiers, as seen in campaigns like Mirai and Eleven11bot, or even enable cyberattacks such as the Akira ransomware group’s exploitation of exposed cameras.
The dark web is rife with chatter around exposed cameras. Bitsight’s cyber threat intelligence team confirmed that attackers are not only actively scanning for these devices, but some even leave behind digital graffiti — taunting their victims and showcasing access on forums.
Bitsight recommends immediate action:
- Disable remote access unless required.
- Change default credentials immediately.
- Place cameras behind firewalls or VPNs.
- Update firmware regularly.
- Use detection tools like Bitsight’s Open Ports risk vector to monitor for exposure.
Donate