
New research from Bitsight reveals that thousands of internet-connected cameras, originally intended for protection, are now creating serious security risks. The latest findings from the Bitsight TRACE team identified more than 40,000 exposed cameras streaming live over the internet. Found across various sectors, including manufacturing, transportation, and healthcare, these devices have no password or other meaningful access control, so anyone who can reach them can view their live footage without restriction.

The U.S. and Japan top the list for exposed internet-connected cameras, ranking first and second in global exposure. In many cases, attackers only need a web browser and the correct IP address to gain access to live camera feeds inside homes, businesses, and large organizations. Bitsight researchers conducted an internet-wide scan targeting HTTP-based and RTSP-based cameras to find these exposures. The U.S. accounted for approximately 14,000 exposed cameras, followed by Japan, Austria, Czechia, and South Korea.
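The RTSP half of such a scan comes down to one unauthenticated request. The following is an added example, not Bitsight's scanner: it builds an RTSP DESCRIBE request, parses the reply, and classifies the endpoint as open (the server hands out the stream description to anyone), credential-protected, or absent. The host, port and sample responses are constructed for the example; `probe()` is only meant for cameras on a network you are authorised to test.

```python
"""Check whether an RTSP camera endpoint answers DESCRIBE without credentials.

Added example, not Bitsight's scanner. DESCRIBE is the request an RTSP client
sends to learn which streams a URL serves; a 200 with an SDP body means the
stream description is readable by anyone who can reach the port, a 401 means
the server at least demands credentials. The sample responses are CONSTRUCTED.
"""
import socket


def build_describe(url: str, cseq: int = 1) -> bytes:
    """Build a minimal RTSP/1.0 DESCRIBE request (RFC 2326 framing)."""
    return (
        f"DESCRIBE {url} RTSP/1.0\r\n"
        f"CSeq: {cseq}\r\n"
        "Accept: application/sdp\r\n"
        "User-Agent: rtsp-exposure-check\r\n"
        "\r\n"
    ).encode("ascii")


def parse_rtsp_response(raw: bytes) -> dict:
    """Split an RTSP response into status, lower-cased headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("RTSP/"):
        raise ValueError(f"not an RTSP status line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {
        "status": int(parts[1]),
        "reason": parts[2] if len(parts) > 2 else "",
        "headers": headers,
        "body": body.decode("latin-1", "replace"),
    }


def classify_exposure(resp: dict) -> dict:
    """Map a parsed DESCRIBE response onto an exposure verdict."""
    status = resp["status"]
    ctype = resp["headers"].get("content-type", "").lower()
    if status == 200 and "application/sdp" in ctype:
        # Each m= line in the SDP names one media stream the server will serve.
        media = [ln[2:].split()[0] for ln in resp["body"].splitlines()
                 if ln.startswith("m=")]
        return {"exposure": "open", "media": media}
    if status == 401:
        challenge = resp["headers"].get("www-authenticate", "")
        scheme = challenge.split(" ", 1)[0] if challenge else "unknown"
        return {"exposure": "auth_required", "scheme": scheme}
    if status == 404:
        return {"exposure": "not_found"}
    return {"exposure": "other", "status": status}


def probe(host: str, port: int = 554, path: str = "/", timeout: float = 3.0) -> dict:
    """Send one DESCRIBE to a host you are authorised to test and classify it.

    Not exercised offline. Reads headers first, then as much body as
    Content-Length announces, so the m= lines are not cut off.
    """
    url = f"rtsp://{host}:{port}{path}"
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_describe(url))
        while b"\r\n\r\n" not in buf:
            data = sock.recv(4096)
            if not data:
                break
            buf += data
        head, _, body = buf.partition(b"\r\n\r\n")
        want = 0
        for line in head.decode("latin-1").split("\r\n"):
            if line.lower().startswith("content-length:"):
                want = int(line.split(":", 1)[1])
        while len(body) < want:
            data = sock.recv(4096)
            if not data:
                break
            body += data
    return classify_exposure(parse_rtsp_response(head + b"\r\n\r\n" + body))


# Constructed sample responses, shaped like what an RTSP camera returns.
_SDP = (b"v=0\r\no=- 0 0 IN IP4 192.0.2.10\r\ns=Camera\r\n"
        b"m=video 0 RTP/AVP 96\r\na=rtpmap:96 H264/90000\r\n"
        b"m=audio 0 RTP/AVP 97\r\n")
OPEN_RESPONSE = (b"RTSP/1.0 200 OK\r\nCSeq: 1\r\nContent-Type: application/sdp\r\n"
                 + b"Content-Length: %d\r\n\r\n" % len(_SDP) + _SDP)
AUTH_RESPONSE = (b"RTSP/1.0 401 Unauthorized\r\nCSeq: 1\r\n"
                 b'WWW-Authenticate: Digest realm="Camera", nonce="0a1b2c"\r\n\r\n')
MISSING_RESPONSE = b"RTSP/1.0 404 Stream Not Found\r\nCSeq: 1\r\n\r\n"


if __name__ == "__main__":
    for name, raw in [("open", OPEN_RESPONSE), ("auth", AUTH_RESPONSE),
                      ("missing", MISSING_RESPONSE)]:
        print(name, classify_exposure(parse_rtsp_response(raw)))
```

Treat an "open" verdict as a reason to follow up rather than proof of a viewable stream: some servers answer DESCRIBE freely and only challenge at SETUP or PLAY, while a 401 on DESCRIBE tells you nothing about whether the credentials in use are defaults.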

“No matter the reason why one individual or organization needs this kind of device, the fact that anyone can buy one, plug it in, and start streaming with minimal setup is likely why this is still an ongoing threat,” João Cruz, principal security research scientist at Bitsight, wrote in a Tuesday blog post. “And it doesn’t take elite hacking to access these cameras; in most cases, a regular web browser and a curious mind are all it takes, meaning that the 40,000 figure is probably just the tip of the iceberg.”

Given the high number of exposed cameras in the U.S., Bitsight extended its analysis to examine how these devices are distributed across individual states. The data reveals that states such as Texas, California, Georgia, and Illinois have some of the highest concentrations of exposed internet-connected cameras. This geographic spread underscores the widespread nature of the risk and highlights that no region is immune to the problem.

Researchers also detected discussions on dark web forums where malicious actors were actively sharing information about these exposed camera feeds.

In its report “Big Brother Is Watching (And So Is Everyone Else),” Bitsight revealed that the majority of exposed cameras it identified are attributed to the telecommunications sector. That attribution reflects how the devices are counted rather than who operates them: consumer cameras, commonly used by individuals to monitor pets, entryways, or backyards, sit on residential internet connections, so their public IP addresses belong to the owner’s Internet Service Provider, which typically falls under the telecommunications sector.

What the feeds show varies widely. Residential cameras have been found streaming footage of front doors, backyards, and even living rooms. In office settings, some cameras reveal whiteboards and computer screens containing confidential information. Cameras inside factories have exposed proprietary manufacturing processes, and in some cases public transportation cameras have streamed live footage of passengers without their knowledge or consent.

“More often than not, these HTTP-based camera interfaces don’t just allow access to the live footage—they also provide the owner with administrative controls and settings. While some of these options are protected by login credentials, that’s not always the case,” the report added. “We’ve come across HTTP-based cameras exposing their admin interfaces, where it was possible not only to manage users and passwords but even to enable remote access features like SSH.”

Bitsight’s investigation uncovered many factories being monitored by exposed cameras. “These are likely used to ensure operations are running smoothly, but they can also lead to serious risks and damage to businesses, such as competitors spying on your production line and using that information to improve their own manufacturing processes.”

Identifying HTTP-based cameras in the wild is no simple task. With thousands of manufacturers, each offering multiple models and often several distinct web interfaces, it can be difficult to determine whether a particular webpage belongs to a network camera.

To address this challenge, researchers examined several dozen of the most widely used camera manufacturers and their associated software. They developed a fingerprinting technique to assess whether an HTML page likely originates from a specific brand of network camera. This approach combines several identifiers, such as the hash of the site’s favicon, the HTTP response headers, and the HTML page title, none of which is conclusive on its own.
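A concrete version of that technique, as an added example that is not Bitsight’s code: an HTTP response (status, headers, body and favicon bytes) is scored against a per-brand signature table, and a recognised page is then classified by whether it asked for credentials, which is the distinction the report draws between interfaces that expose live video and admin controls outright and those that at least sit behind a login. The vendor names (“ExampleCam”, “OtherCam”), their signatures and the sample responses are all constructed for the example; a real table is built from favicons, Server headers and titles observed on known devices.

```python
"""Fingerprint an HTTP response as a network-camera web interface.

Added example, not Bitsight's tooling. The signature table is CONSTRUCTED for
two hypothetical vendors ("ExampleCam", "OtherCam"). Favicons are hashed with
SHA-256 here to stay within the standard library; the favicon hashes shared
in Shodan-style searches are MurmurHash3 over the base64-encoded icon.
"""
import hashlib
import re
from typing import Optional

# Constructed favicon bytes standing in for real .ico files.
_EXAMPLECAM_ICO = b"\x00\x00\x01\x00EXAMPLECAM-FAVICON"
_OTHERCAM_ICO = b"\x00\x00\x01\x00OTHERCAM-FAVICON"

SIGNATURES = {
    "ExampleCam": {
        "title": re.compile(r"\bExampleCam\b.*\b(Live|Web) View\b", re.I),
        "server": re.compile(r"^ExampleCam-httpd/", re.I),
        "favicon_sha256": hashlib.sha256(_EXAMPLECAM_ICO).hexdigest(),
    },
    "OtherCam": {
        "title": re.compile(r"^OtherCam\b", re.I),
        "server": re.compile(r"^OtherCam/", re.I),
        "favicon_sha256": hashlib.sha256(_OTHERCAM_ICO).hexdigest(),
    },
}
# Weights: the favicon is the strongest single signal because integrators
# rarely replace it; a title match alone is enough to flag a page.
WEIGHTS = {"favicon": 4, "title": 3, "server": 2}
THRESHOLD = 3

_TITLE_RE = re.compile(r"<title[^>]*>(.*?)</title>", re.I | re.S)
_PASSWORD_RE = re.compile(r"<input[^>]+type\s*=\s*['\"]?password", re.I)


def page_title(body: str) -> str:
    """Extract and whitespace-normalise the <title> text, or '' if absent."""
    m = _TITLE_RE.search(body)
    return re.sub(r"\s+", " ", m.group(1)).strip() if m else ""


def classify_access(status: int, headers: dict, body: str) -> str:
    """Did the interface ask for credentials before showing anything?"""
    if status in (401, 403):
        return "auth_required"
    if _PASSWORD_RE.search(body):
        return "login_form"
    if status == 200:
        return "open"
    return "other"


def fingerprint(status: int, headers: dict, body: str,
                favicon: Optional[bytes] = None) -> Optional[dict]:
    """Score the response against every brand; return the best match or None."""
    headers = {k.lower(): v for k, v in headers.items()}
    title = page_title(body)
    server = headers.get("server", "")
    fav_hash = hashlib.sha256(favicon).hexdigest() if favicon else None

    best, best_score = None, 0
    for brand, sig in SIGNATURES.items():
        score = 0
        if fav_hash and fav_hash == sig["favicon_sha256"]:
            score += WEIGHTS["favicon"]
        if title and sig["title"].search(title):
            score += WEIGHTS["title"]
        if server and sig["server"].search(server):
            score += WEIGHTS["server"]
        if score > best_score:
            best, best_score = brand, score
    if best_score < THRESHOLD:
        return None  # not a camera we hold a signature for
    return {"brand": best, "score": best_score, "title": title,
            "access": classify_access(status, headers, body)}


# Constructed sample responses: (status, headers, body, favicon bytes).
SAMPLES = {
    "open_examplecam": (200, {"Server": "ExampleCam-httpd/1.2"},
        "<html><head><title>ExampleCam Live View</title></head>"
        "<body><img src='/video.mjpg'></body></html>", _EXAMPLECAM_ICO),
    "protected_examplecam": (401, {"Server": "ExampleCam-httpd/1.2",
        "WWW-Authenticate": 'Basic realm="camera"'}, "", _EXAMPLECAM_ICO),
    "othercam_login": (200, {"Server": "OtherCam/2.0"},
        "<html><head><title>OtherCam Login</title></head><body>"
        "<form><input type=\"password\" name=\"pw\"></form></body></html>",
        _OTHERCAM_ICO),
    "plain_webserver": (200, {"Server": "nginx/1.24.0"},
        "<html><head><title>Welcome to nginx!</title></head></html>", None),
}


def run_samples() -> dict:
    """Fingerprint every constructed sample; used by __main__ and the checks."""
    return {name: fingerprint(*resp) for name, resp in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(f"{name:22s} -> {result}")
```

The threshold is what keeps this from matching every page that happens to mention a vendor name: a Server header alone scores below it, so a reverse proxy that copies a camera’s header onto an unrelated page is not flagged, while a stock favicon served from a renamed interface still is.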

Bitsight also noted that it is currently scanning only for cameras from a few dozen of the most prevalent manufacturers, the ones it knows how to detect and capture screenshots from. “Expanding our fingerprinting capabilities would likely uncover even more exposed cameras, but that’s a task for another day.”

The report also revealed that several exposed cameras were used by a public transportation company. “We know this because, well, they are installed inside what appear to be trams. Since all of the cameras seem to be from the same manufacturer and their IP addresses trace back to approximately the same geolocation, we assume they all belong to the same company. This is posing an obvious privacy risk to passengers.” 

They also found cameras exposing patients in hospitals. “This might be the most concerning one yet. We uncovered some cameras installed in what appear to be hospitals or clinics monitoring patients, likely to allow nurses to oversee them remotely from a central location (just a hypothesis). We probably do not need to explain why this is such an unexpected scenario.”

Bitsight first highlighted this issue in 2023, and the new study shows that the problem remains unresolved. Cameras designed for security or convenience have instead become public viewing points into private and sensitive spaces, often without the knowledge of the individuals or organizations that own them. The ease of purchasing, installing, and using these devices with minimal setup continues to drive their widespread exposure and associated risk.

Bitsight noted that the risk extends beyond privacy: a camera that was meant to stream a beautiful cityscape could just as easily become part of a botnet like the infamous Mirai or the recently discovered Eleven11bot. “It could also be used as a foothold to pivot within your network and compromise other devices. Recently, the Akira group demonstrated this risk by exploiting webcams to deploy ransomware, and we at Bitsight TRACE have also analyzed the latest massive DDoS on X and revealed that some compromised cameras and NVR devices (Network Video Recorders) were used as part of the attack.”

It added that while an open camera streaming a scenic view might not harm privacy, it could very well be hijacked and exploited by malicious actors if they manage to create the right conditions.

Just last month, U.S. cybersecurity agencies and international partners issued a joint advisory exposing a Russian state-sponsored cyber espionage campaign. The operation, attributed to the GRU’s 85th Main Special Service Center (Unit 26165), has been targeting technology and logistics firms, including those supporting the transport of foreign aid to Ukraine, for over two years. The unit has leveraged IP cameras and supply chain vectors to conduct its intrusions.

Before that, in February, the Department of Homeland Security (DHS) issued a bulletin warning that internet-connected cameras manufactured in China could potentially be exploited for espionage targeting the nation’s critical infrastructure installations. According to the bulletin, these cameras usually lack data encryption and secure configuration settings, leaving them vulnerable to cyber threats. Additionally, the cameras are designed to communicate with their manufacturers by default, raising concerns about unauthorized data access and surveillance.