Peep show: 40K IoT cameras worldwide stream secrets to anyone with a browser
“Security researchers managed to access the live feeds of 40,000 internet-connected cameras worldwide and they may have only scratched the surface of what's possible. The US was the most affected region, with around 14,000 of the total feeds streaming from the country, allowing access to the inside of datacenters, healthcare facilities, factories, and more. Bitsight said these feeds could potentially be used for espionage, mapping blind spots, and gleaning trade secrets, among other things.”
After all the previous warnings, and even published sites that show these camera feeds, I can't believe this is still such a big thing.
There are essentially two ways to quickly stop this with any of your cameras:
1. Prevent any Internet access for the cameras at all: put them on a VLAN that has no Internet access, or on a guest network that has Internet disabled, and make sure UPnP is disabled on your router (UPnP automatically opens firewall ports), etc.
2. Log into each camera and change the default password or set a password.
The problem is most of these cameras come with an enabled API, and also a default username and password (which are known).
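A check for step 1 above, as an added example that is not part of the original post: it looks through a router's UPnP port mappings for any enabled forward that points at the camera network. The camera subnet, the port labels and the sample entries are assumptions constructed for illustration; the field names follow the UPnP IGD `GetGenericPortMappingEntry` response.

```python
import ipaddress

# Assumption: cameras sit on their own subnet/VLAN; change this to match your network.
CAMERA_NET = ipaddress.ip_network("192.168.50.0/24")

# Ports IP cameras commonly use for video and web/API access (labels for the report only).
CAMERA_PORTS = {80: "HTTP", 443: "HTTPS", 554: "RTSP", 8080: "HTTP-alt"}

# Constructed sample entries, laid out like UPnP IGD GetGenericPortMappingEntry results.
SAMPLE_MAPPINGS = [
    {"NewExternalPort": 8554, "NewProtocol": "TCP", "NewInternalPort": 554,
     "NewInternalClient": "192.168.50.21", "NewEnabled": 1,
     "NewPortMappingDescription": "IPCAM"},
    {"NewExternalPort": 8081, "NewProtocol": "TCP", "NewInternalPort": 80,
     "NewInternalClient": "192.168.50.22", "NewEnabled": 1,
     "NewPortMappingDescription": "webcam"},
    {"NewExternalPort": 9000, "NewProtocol": "TCP", "NewInternalPort": 9000,
     "NewInternalClient": "192.168.50.23", "NewEnabled": 0,
     "NewPortMappingDescription": "old rule"},
    {"NewExternalPort": 3074, "NewProtocol": "UDP", "NewInternalPort": 3074,
     "NewInternalClient": "192.168.1.40", "NewEnabled": 1,
     "NewPortMappingDescription": "console"},
]

def exposed_cameras(mappings, camera_net=CAMERA_NET):
    """Return one finding per enabled mapping that forwards to the camera subnet."""
    findings = []
    for m in mappings:
        if not int(m.get("NewEnabled", 0)):
            continue  # disabled mappings do not forward traffic
        try:
            client = ipaddress.ip_address(m["NewInternalClient"])
            port = int(m["NewInternalPort"])
        except (KeyError, ValueError):
            continue  # entry without a usable internal address or port
        if client not in camera_net:
            continue  # forward goes to some other device
        findings.append({
            "camera": str(client),
            "external": f'{m["NewProtocol"]}/{m["NewExternalPort"]}',
            "service": CAMERA_PORTS.get(port, f"port {port}"),
            "description": m.get("NewPortMappingDescription", ""),
        })
    return findings

if __name__ == "__main__":
    for f in exposed_cameras(SAMPLE_MAPPINGS):
        print(f'{f["camera"]} reachable from the Internet via {f["external"]} ({f["service"]})')
```

An empty result is what you want to see once the cameras are isolated and UPnP is disabled.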
It is clear that too many people are just bringing home any old IP camera or IoT device and plugging it into their home networks (and, it seems, in many cases their work networks too). Yes, it may work fine, but it could be punching holes through your firewall. This is not really malicious, as some devices try to get time sync from the Internet, or they want to check for updated firmware, etc. But they can expose your video and your network.
These IoT devices are becoming a bigger and bigger problem, as default security is just about non-existent (remember Microsoft wanting to keep things simple and enable everything so as not to complicate things for users?), and they often have no way of really getting proper security patch updates either.
Unfortunately, as I mentioned in a post about two months back around IoT and security, ease of use and security are diametrically opposed to each other. Security is not easy, and easy is usually not secure...
See: 40,000 cameras expose feeds to datacenters, health clinics: Majority of exposures located in the US, including datacenters, healthcare facilities, factories, and more

#technology #security #vulnerabilities