Securing Your Home: Protect Your Internet-Connected Cameras from Online Exposure

TL;DR

Researchers discovered 40,000 unsecured internet-connected cameras streaming live feeds online. These exposed cameras pose significant privacy and security risks. Users are advised to secure their cameras by using unique credentials, updating firmware, and limiting camera use in sensitive areas.

Main Content

If you have internet-connected cameras in or around your home, it’s crucial to check their settings immediately. Recent research has uncovered 40,000 unsecured cameras broadcasting live feeds of homes and businesses online, raising serious privacy concerns¹.

The Scope of the Issue

BitSight’s TRACE research team identified this issue in a report released this month. The cameras were found to be streaming images without any password or authentication, making them easily accessible to anyone on the internet. While some of these cameras were installed in businesses such as offices, retail stores, and factories, many were likely connected to private residences².

Geographical Distribution

The highest concentration of exposed cameras was in the United States, with approximately 14,000 devices. California and Texas had the highest numbers within the US. Japan followed with around 7,000 exposed cameras. Other countries with significant numbers included Austria, Czechia, South Korea, Germany, Italy, Russia, and Taiwan³.

Privacy and Security Risks

The primary risk associated with these exposed cameras is privacy invasion. Cameras are often placed in sensitive areas like bedrooms and living rooms, making them prime targets for spying and extortion. Beyond privacy concerns, these cameras can also be exploited for surveillance by potential intruders planning physical break-ins⁴.

Potential Exploits

Access to the admin interfaces of these cameras is just one threat. Gaining SSH access could give attackers full control over the camera’s hardware and software, turning it into a gateway for further network compromises or integrating it into a botnet. Botnets, like the infamous Mirai, have been known to leverage internet-connected devices to launch denial-of-service attacks⁵.

Historical Context

The issue of compromised internet-enabled cameras is not new. Previous incidents include sites like Insecam, which streamed images from thousands of unsecured cameras worldwide. Vendors often prioritize ease of use over security, leading to widespread vulnerabilities. Regulations in the US and UK have been introduced to address these issues, but enforcement remains a challenge⁶.

Vendor Accountability

Even well-known brands have faced security lapses. For instance, Amazon’s Ring cameras were involved in a scandal where employees could access customer feeds, leading to privacy violations. Other vendors like Wyze and Eufy have also had security missteps, highlighting the need for vigilant consumer practices⁷.

Protecting Your Internet-Enabled Camera

To safeguard your privacy and security, consider the following tips:

• Use Unique Credentials: Set unique logins and passwords for your cameras and change default passwords.
• Limit Camera Use in Sensitive Areas: Avoid placing cameras in private spaces like bedrooms and bathrooms.
• Research Camera Vulnerabilities: Check if the camera brand has had security issues and how quickly they were resolved.
• Test Camera Access: Try accessing your camera remotely without credentials to ensure it’s secure.
• Regular Updates: Keep your camera firmware up-to-date with the latest security patches⁸.

Additional Resources

For further insights, check:

• BitSight Report on Compromised Security Cameras
• Malwarebytes on IoT Cybersecurity Regulations
• Tom’s Hardware on Privacy Concerns

References

1. “Thousands of private camera feeds found online.” (2025). Malwarebytes. Retrieved 2025-06-24. ↩︎

2. BitSight Research Team. (June 2025). “Bitsight identifies thousands of compromised security cameras”. BitSight. ↩︎

3. BitSight Research Team. (June 2025). “Bitsight identifies thousands of compromised security cameras”. BitSight. ↩︎

4. BitSight Research Team. (June 2025). “Bitsight identifies thousands of compromised security cameras”. BitSight. ↩︎

5. BitSight Research Team. (June 2025). “Bitsight identifies thousands of compromised security cameras”. BitSight. ↩︎

6. Malwarebytes Labs. (November 2020). “IoT Cybersecurity Bill Passed by Senate”. Malwarebytes. ↩︎

7. Malwarebytes Labs. (June 2023). “Amazon’s Ring Camera Used to Spy on Customers”. Malwarebytes. ↩︎

8. BitSight Research Team. (June 2025). “Bitsight identifies thousands of compromised security cameras”. BitSight. ↩︎