Date: 18 June 2025
In a worrying revelation this June, Bitsight -- a cybersecurity firm -- has unearthed well over 40,000 publicly accessible "private" cameras around the world. The cameras stream live footage from homes, offices, hospitals, and even ATMs. Most concerning, however, is how the devices can be accessed without the knowledge of their owners.
All of this and more is detailed in the report "Big Brother Is Watching You (And So Is Everyone Else)". It exposes a staggering privacy and security crisis fueled by badly configured electronics and a lack of the most basic cybersecurity safeguards.
“An open camera means zero privacy,” advises João Cruz, author of the report. “Whether it’s a baby monitor, a corporate boardroom, or a hospital ward, someone could be watching—and you’d never know.”
How the Cameras Were Found
Using in-house scanning tools, Bitsight was able to point out cameras operating over HTTP and RTSP (Real-Time Streaming Protocol). While these are common technologies for video transmission, what shocked researchers was how many devices needed no hacking at all. In most cases, a web browser and the right IP address were enough.
Quick insight:
- HTTP-based cameras are mostly used in homes. These devices expose admin interfaces and live feeds through basic web links. The researchers were able to bypass these "protected" feeds by guessing common URLs like "/out.jpg".
- RTSP-based cameras are more common in professional environments. These were accessed via generic paths like "/live.sdp" or "/video.h264".
“We didn’t even attempt to brute-force passwords,” Cruz reported. “If we had, the scale would’ve been far worse.”
Who’s Most at Risk?
The United States leads the list of most vulnerable devices with nearly 14,000 exposed live cameras. This is followed by Japan with roughly 7,000. Other affected countries include Austria, South Korea, and Germany.
What's more interesting are the various business sectors that are actively vulnerable to this form of intrusion. While the report is dominated by residential cameras, businesses large and small are not far behind in vulnerability.
There is evidently no shortage of offices, stores, and factories with live feeds that reveal sensitive operations. Customer data is often exposed in these feeds, as well as confidential staff activity. There are even hospitals with exposed patient-monitoring cameras, which poses severe ethical and legal risks.
“[An unprotected] camera in a data center or hospital isn’t just a privacy issue," the report warns "...it’s a security nightmare.”
Real-World Threats
The report suggests that ordinary consumers -- those who buy baby monitors pet cams and live doorbells -- expose themselves the most to cyber attacks and unwarranted surveillance. Criminals could, by accessing these unprotected feeds, plan burglaries and extort residents by tracking their routines. The report, for instance, features an exposed front gate camera—a potential blueprint for break-ins.
Threats don't merely face the home-front, but a host of businesses and critical infrastructure, too. In the world of retail, thieves can monitor cash registers and business closing times, as revealed in the report's Screenshot 16. Factories can invite competitors to spy on their production lines and trade secrets, as seen in Screenshots 19 and 20.
And ATMs, too! Fraudsters could steal PINs remotely, the report advises. It quips accordingly, “Why install a skimming device when the ATM’s own camera broadcasts PIN entries?”
In the report are a collection of public cameras around the world that are just as accessible. It contains images of trams, buses, and even billboard cameras. One particular image revealed a tram interior, including the drivers’ view.
How to Protect Yourself
Individuals and households can benefit from learning to check their exposure. People can learn much from trying to access their own live cameras remotely from other devices. If their private feeds can load without the need for login information, then the device is likely exposed to others, too.
Consumers of live camera feed devices should also remember to change their default logins and passwords. A large number of manufacturers ship their devices with preset usernames and passwords. While the customer is often advised to change these default logins after setting up the new device, many people simply do not bother, handing those with ill intentions an extraordinary advantage.
Home owners are also able to disable remote access. Live cameras are marketed on their ability to allow their owners quick and easy access, without hassles. However, easy access for the owner can sometimes mean easy access for others. Users should remember to log out regularly, and block their cameras' internet connections whenever they're is not in use.
Device owners are encouraged to update new firmware promptly after its release. Patching software keeps those trying to protect their homes one step ahead of those looking for vulnerabilities. The use of VPNs and firewalls goes a long way, too. It adds a strong layer of protection and restricts access to authorized personal.
Lastly, owners of live camera devices should remember to monitor their access activity and flag unusual login attempts.
“Convenience shouldn’t override security,” urges Cruz. “A $50 camera could cost you millions in damage.”
Conclusion
Bitsight’s report is a wake-up call for all manufacturers, regulators, and users. As IoT devices proliferate, so do risks. “This isn’t just 1984—it’s 2025, and the threat is everywhere,” Cruz concludes.
As connected devices multiply, so too do the attack areas. From living rooms to hospital wards, this new report reveals a systemic failure—one that suggests convenience often trumps security. An unsecured camera isn’t just a personal privacy risk -- it can be a node in a worldwide surveillance network, whether you're aware of it or not.
“You might think you’re installing a security camera. But if it’s unsecured, you’re just inviting the world to watch.”
About the Author: Mvuse Ngubane
Mvuse is a Professional Freelance News Writer.
