Over 21,000 Live Cameras Exposed Without Authentication

An investigation by Mysterium VPN found that 21,786 internet-connected cameras are streaming live video without any authentication, exposing significant privacy and security risks. The majority of these vulnerable devices are low-cost cameras, particularly from budget brands. These cameras utilize protocols like RTSP, allowing anyone who knows their IP address to access the feeds. Major countries affected include Japan and the United States, where residential broadband connections contribute to the issue. This vulnerability is not due to hacking but a failure to implement basic security practices, such as setting unique passwords. The findings mirror the vulnerabilities exploited by the Mirai botnet in 2016, which also targeted devices with default credentials. Despite regulatory efforts to ban default passwords, many older devices remain unprotected, risking exposure of sensitive information.

Key Points: • Over 21,000 live cameras are streaming without authentication, posing security risks. • The issue primarily affects low-cost devices, with major brands having addressed similar vulnerabilities. • This situation mirrors past vulnerabilities exploited by the Mirai botnet, highlighting ongoing security failures.