This post is also available in: heעברית (Hebrew)

Many security cameras are exposed to hacktivists in Israel, which places their owners and the people around them at substantial risk.

After Hamas’ attack on Israel, the Cybernews research team has found at least 165 exposed internet-connected RTSP (real-time streaming protocol) cameras in Israel. While this communication system is useful for transferring real-time data, it doesn’t offer encryption or lockout mechanisms against password-guessing, which makes it very vulnerable.

The researchers warn that “only basic skills are needed for a malicious actor to find a camera and brute-force login credentials, as well-known software tools and basic tutorials have long been in the wild. Exposed RTSP cameras can pose several risks and dangers in a cyberwar scenario.”

According to Cybernews, the most significant risk of exposed IP cameras is hackers gaining access that would allow them to view live feeds and record footage, which could be used for surveillance, reconnaissance, or gathering sensitive information.

The researchers warn that while individuals are at risk, threat actors are more interested in organizations or even government facilities. Access to RTSP cameras could provide a foothold for attackers to penetrate the network that the cameras are connected to, and once inside the network, they could move laterally to compromise other systems or steal data. Another risk is attackers manipulating camera feeds to show misleading information and create confusion or panic.

All this to say that owners of exposed devices are responsible not only for their own security but also for that of the community.

Cybernews recommends separation and encryption along with solid credentials to secure RTSP cameras. They add that all security or other IP cameras should be connected to a separate protected subnet with end-to-end encryption, or WPA2 (Wi-Fi Protected Access 2) if the network is wireless.

They conclude- “The significance of exposed RTSP cameras extends beyond technical vulnerabilities, touching on fundamental principles of privacy, security, ethics, and trust. Addressing this issue is essential not only for protecting digital assets but also for upholding the rights and values that underpin modern society.”