Alarming Discovery: 40,000+ Internet-Connected Surveillance Cameras Globally Exposed
Do Son 
Bitsight has uncovered over 40,000 internet-connected surveillance cameras left completely unprotected—many of which could be accessed in real time, offering live feeds from critical infrastructure sites, commercial facilities, and private residences. According to the researchers, this alarming revelation likely marks only the beginning, with the true scale of the problem potentially far greater.
The United States accounted for the largest share, with approximately 14,000 unsecured cameras—nearly one-third of the total discovered. Many of these devices streamed footage from within hospitals, data centers, manufacturing plants, and other sensitive locations. Experts warn that such video streams could easily be exploited for reconnaissance, bypassing security measures, harvesting technical intelligence, or conducting industrial espionage.
This discovery lends weight to earlier findings by the U.S. Department of Homeland Security (DHS), which, in a confidential bulletin obtained by ABC News in February, raised concerns about the role of Chinese-made surveillance equipment in espionage campaigns. Of particular concern were devices deployed in sectors like energy and chemicals—critical infrastructures that lacked even rudimentary protections such as encryption or authentication.
Bitsight emphasized that, in the vast majority of cases, accessing the camera feeds required neither hacking tools nor advanced technical skill. In some instances, simply entering an IP address into a browser was enough to gain direct access.
The study categorized the exposed systems into two main types:
- HTTP cameras, commonly found in domestic settings and accessible via web interfaces;
- RTSP cameras, designed for low-latency continuous streaming, more prevalent in commercial and industrial surveillance systems.
HTTP-based models proved most vulnerable, comprising 78.5% of all identified devices. These often featured APIs that allowed still-frame capture simply by constructing the correct URI and query parameters. Bitsight reviewed technical manuals, deduced endpoint structures, and sent repeated queries until images were retrieved.
RTSP systems presented a more complex challenge. Unlike HTTP counterparts, they reveal less about their servers. Investigators relied on HTTP headers, favicon hashes, and HTML metadata to detect them. However, due to the protocol’s opacity, identifying specific brands proved difficult. RTSP cameras accounted for 21.5% of the total.
Beyond industrial installations, researchers discovered cameras placed in hotels, gyms, construction sites, retail outlets, and private residences—revealing not only opportunities for espionage, but also for everyday criminality. For instance, attackers could observe store security shift changes or monitor the daily routines of potential victims.
Bitsight also noted activity on underground forums, where users shared IP addresses and stream descriptions—some marked “bedroom,” “child’s room,” or “garage”—suggesting deliberate targeting of vulnerable feeds for voyeurism or coercion.
According to DHS, a surveillance camera integrated into an IT infrastructure can serve as a “bridge” for lateral movement within networks, facilitating the theft of proprietary data or even the disruption of emergency automation systems.
What is especially concerning is that many of these camera models are shipped with security disabled by default—lacking encryption, passwords, or access controls. Users frequently leave factory settings unchanged, exposing devices to the simplest forms of network scanning. While harvesting a large number of video feeds requires a certain level of coordination, for a motivated attacker, the technical barrier remains remarkably low—complete compromise could be achieved in just a matter of hours.
Donate