If you have an internet-connected camera inside your house or have been to a place with surveillance, you are in for a shock. According to security researchers, over 40,000 IoT security cameras have been hacked globally, with their footage available to stream through web browsers. The live feed siphoned off from these cameras includes private footage — a major privacy fiasco that the US Department of Homeland Security (DHS) believes has a connection with China.
Security researchers at Bitsight said their findings corroborate a DHS bulletin that warned users about cameras being used in Chinese espionage. Other than espionage, the findings suggest the feeds may have been used for mapping blind spots and secretly collecting trade secrets. They claimed they were able to tap into the live feed of over 40,000 cameras, 14,000 of which were located inside data centres, hospitals, factories, and elsewhere across the US.
While the cameras installed at public institutions may have provided the hackers with information with potential national security implications, feeds from hotels, gyms, construction sites, retail stores, and residential areas were also available. Bitsight said such footage could be used in several ways, such as informing robbers about the break-in spots or monitoring individual residences.
According to researchers, leaving a camera exposed on the internet “is a bad idea, and yet thousands of them are still accessible.” Hacking a camera connected to the internet no longer requires sophisticated tools or special techniques. “In many cases, all it takes is opening a web browser and navigating to the exposed camera’s interface,” the report said, explaining how HTTP (Hypertext Transfer Protocol) and RTSP (Real-Time Streaming Protocol) technologies are prone to hacking easily.
The researchers said that HTTP-based cameras — with a market of over 78.5 per cent — are easy targets, while RTSP-based cameras, which are harder to intercept, are just 21.5 per cent. They said it is easy to hijack internet-connected cameras made in China as they lack encryption and security protocols by default. These cameras are often used in critical infrastructure sectors, such as energy and chemicals.
While access to feeds from these cameras is almost effortless, hackers often move ahead with nefarious plans such as initiating a cybercrime, disabling safety systems, or exfiltrating sensitive operational data.
