The Plague of Unprotected Security Cameras
This post is also available in: 
עברית (Hebrew)
A badly defended security camera is an easy target for hackers, as there are tools for easily hacking internet protocol (IP) cameras, and research revealed the prevalent problem of unprotected security cameras.
According to Cybernews researchers, there are currently at least 8,373 real-time streaming protocol (RTSP) cameras exposed worldwide. Exposed cameras mean that anyone could find even the latest saved screenshots of what the cameras see, with some cameras being found on Google. Furthermore, many cameras are left with default access passwords like “admin”.
RTSP is a communication system that transfers real-time data from a multimedia source to an endpoint device, and while there are more secure alternatives, most modern IP cameras use this protocol that has no encryption or lockout mechanisms for password-guessing.
Cybercriminals and malicious actors can use the widely available open-source tools to exploit camera and network weaknesses, which can be easily found by scanning networks for exposed cameras.
This plague of poorly secured security cameras has various serious repercussions. The following are several risks provided by researchers at Cybernews:
The first risk is unauthorized access; RTSP cameras that aren’t protected can be accessed by anyone with the appropriate URL or software, which can lead to unauthorized viewing of live video feeds. These video feeds could potentially capture sensitive information, leading to privacy violations if accessed by unauthorized individuals.
Beyond privacy breaches, access to RTSP streams from security cameras could pose surveillance risks and be used for malicious purposes and criminal activities, threatening personal safety, public spaces, and secure facilities.
A concern from the cybersecurity world is network vulnerabilities since exploiting an exposed camera could potentially provide attackers with a foothold in the network and allow them to attack or access other devices connected to the same network.
Following are some recommended strategies for RTSP cameras, provided by researchers at Cybernews-
The main strategies are separation, encryption, and strong credentials. RTSP cameras should have strong and unique passwords for access, as default passwords commonly lead to unauthorized access. It is preferred to use encryption mechanisms to secure the communication between the camera and the intended viewer.
Another important strategy is keeping camera firmware up to date, in order to address security vulnerabilities and improve overall system security. Finally, implement access controls to limit who can view the camera feeds.
