A security camera that is improperly set up presents a vulnerability because hackers can easily access it. Internet protocol (IP) cameras can be easily hacked with the help of tools, and some owners even leave theirs open for public access.
Real-time streaming protocol (RTSP) cameras are reportedly available worldwide on at least 8,373 different networks, according to the Shodan search engine. According to researchers at Cybernews, anyone could access even the most recent screenshots of what the cameras record.
Even some camera manufacturers’ default URLs, which are frequently used by camera vendors, could be found on Google.
Usually, many cameras are left with default access passwords such as “admin”, as revealed by other Cybernews research.
Real-time data is transmitted from a multimedia source to an endpoint device via the RTSP communication protocol. Although more secure alternatives exist, the majority of contemporary IP cameras still use this outdated protocol that does not support encryption or password-guessing lockouts.
“It means that if a bad actor found a camera and wanted to brute-force login credentials, he could use well-known software tools to do so without any interruption or lockout,” the The research team at Cybernews reported.
The majority of cameras that were exposed were discovered in Taiwan, Vietnam, South Korea, Russia, and Iran.
There are a large number of readily available IP cameras all over the world, according to earlier research.
Hackers Have a Powerful Toolkit
With readily available open-source tools, cybercriminals can take advantage of network and camera flaws.
One can access cameras that have been exposed to the internet by using a few commands, or one can use dictionaries to brute force the passwords.
A single command will reveal whether the RTSP stream can be found in the target when it comes to scanning the preferred IP address.
“For setting up and managing video and audio streams, the majority of IP cameras use RTSP. RTSP acts as a rail track for transporting video data from point A, or camera, to point B, which could be VLC Player, RTSP viewers, RTSP Client, or other software,” Cybernews said.
Users run the risk of losing both security and privacy if the camera is not properly secured.
Risks and Their Significance
- Unauthorized Access: Anyone with the right URL or software can gain access to poorly protected RTSP cameras. Unauthorized viewing of live video feeds may result from this.
- Privacy Concerns: In the event that unauthorized people gain access to exposed cameras, they may record private or sensitive information, violating people’s privacy. People’s confidence in surveillance systems intended to increase safety is damaged by the possibility of unauthorized access to live video streams.
- Surveillance Risks: Access to RTSP streams from security cameras could be used maliciously for things like following people’s movements, observing routines, organizing break-ins, or other criminal activities. As a result, there is a real risk to people’s personal safety, public areas, and secure facilities.
- Network Vulnerabilities and breaches: Attackers might gain access to other devices connected to the same network or be able to launch additional attacks in some cases by taking advantage of an exposed camera. An entire network may be affected by the effects of a vulnerability in one device.
- Data Interception: Attackers may be able to capture the video data from unencrypted RTSP streams and potentially manipulate or alter the video.
- Legal and Ethical Concerns: Unchecked exposure of RTSP camera feeds may result in moral and legal quandaries. Unintentional violations of moral or privacy laws by people or organizations can result in legal liabilities and reputational harm.
- Public Safety Risks: By enabling unauthorized access to video feeds, exposed RTSP cameras can jeopardize public safety initiatives. As a result, there may be alterations made to security measures, unauthorized surveillance, and even disruptions.
Use Encryption With Strong Credentials
Separation and encryption are two tactics Cybernews researchers advise using, along with solid credentials, to ensure the security of the RTSP cameras.
First, if the network is wireless, it is a good idea to make sure that each camera is connected to its own protected subnet with end-to-end encryption, such as WPA2 (Wi-Fi Protected Access 2).
- Utilize encryption techniques to protect the communication between the camera and the viewing client. For remote access, it is best to use a Virtual Private Network (VPN).
- Make sure that access to RTSP cameras requires strong, one-of-a-kind passwords. A common error that can quickly result in unauthorized access is using default or weak passwords.
- To fix security flaws and enhance system security, update camera firmware as needed.
- Implement access controls to restrict who can access the camera feeds. This might entail using IP whitelisting or a VPN for remote access.
- Consider switching to protocols that offer encryption, like HTTPS.
“Exposure of RTSP cameras has implications that go beyond technical flaws and involve fundamental ideas of security, privacy, ethics, and trust. Addressing this issue is essential not only for protecting digital assets but also for upholding the rights and values that underpin modern society,” researchers concluded.
Also Read: Do Security Cameras Have Audio?
Source: cybernews
