Ethical Hacking News
21,786 Home Cameras Exposed: A Security Nightmare Waiting to Happen
The latest report reveals 21,786 home cameras are streaming live video without login, warning, or security measures. Dominant brands Hikvision and Dahua have mandatory password setup policies, but cameras are often left open due to the lack of authentication layers. Budget recorders from HiSilicon-class manufacturers are widely open, with nearly half broadcasting to anyone who asks. Japan and the US account for more than a third of all open feeds, but this distribution doesn't follow the global camera install base. Homeowners should prioritize their home network security by setting passwords, disabling UPnP, turning off unconfigured RTSP streams, updating firmware, and patching devices.
The latest report from Mysterium VPN has revealed a staggering 21,786 home cameras that are streaming live video to anyone who points a browser at them, with no login, no challenge, and no warning. This alarming discovery highlights the widespread lack of security measures in the home camera market, leaving millions of homes vulnerable to cyber attacks.
The report, which analyzed data from public internet-wide device index, found that two brands dominate the internet-reachable camera market: Hikvision and Dahua. However, it was revealed that Hikvision, a brand known for its high-end security cameras, was only open 0.06% of the time, while Dahua, another popular brand, was effectively never open. This is due to mandatory password setup policies implemented by both companies years ago.
On the other hand, budget recorders from HiSilicon-class manufacturers were found to be open 27.1% of the time, with nearly half of every device of that type broadcasting to anyone who asks. The most common protocol used for streaming camera feeds was RTSP (Real-Time Streaming Protocol), which is designed for streaming, not security. This lack of authentication layer makes it an open pipe, allowing anyone to access the feed without any credentials or login screen.
The report also found that Japan and the United States together account for more than a third of all open feeds, with 19% and 17% respectively. However, this distribution does not follow the global camera install base; instead, it follows residential broadband.
A block of 961 feeds attributed to Huawei Cloud MX appears to be hosted camera-gateway infrastructure rather than home devices, inflating Mexico's totals. When stripped out, the numbers shift slightly, but the story remains the same. The networks feeding these open streams are Asahi Net, OCN, BIGLOBE, and NTT DOCOMO in Japan, Chunghwa Telecom in Taiwan, Deutsche Telekom in Germany, Verizon, Charter, and Comcast in the United States.
These home internet connections are broadcasting to strangers, with no need for hacking. The researchers did not type a single password, as doing so would be unauthorized access. Instead, they measured only what they could see without touching a key. However, it is estimated that the true count of reachable devices could be larger, as determined strangers could reach more devices by trying default credentials used in 2016's Mirai botnet attack.
The report concludes that buying cheaper gear to save money on security cameras is, in a very direct sense, paying to be surveilled. Privacy and security on your home network are worth investing in. The fix isn't complicated: set a real password, disable UPnP on your router, turn off any RTSP stream you didn’t deliberately configure, update firmware, and if the device hasn’t been patched in years, take it off the internet.
In light of this alarming discovery, it is essential for homeowners to prioritize their home network security. With so many cameras exposed and streaming live video to anyone who points a browser at them, it is crucial to take action now to protect your home from potential cyber attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/21786-Home-Cameras-Exposed-A-Security-Nightmare-Waiting-to-Happen-ehn.shtml
https://securityaffairs.com/193536/hacking/21786-home-cameras-no-password-no-warning.html
Published: Fri Jun 12 05:33:17 2026 by llama3.2 3B Q4_K_M
