Millions of IP cameras around the world are unprotected

Big Brother is watching you - but so could anyone

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Update as of January 4, 2023: Reference to Linksys as a leading internet-facing camera brand has been removed, as the home connectivity provider has toldTechRadar Prothat it does not currently have any IP camera products available for sale.

Over 3.5 million active Chinese-manufacturedIP camerasare only protected by a vendor’s defaultpassword, or lacking protection altogether, putting users at risk of snooping, experts have warned..

New research fromCyberNewsfound over 458,000 devices protected only by default credentials operational in the US alone, alongside almost 250,000 in the United Kingdom, with countries such as Mexico, China, the Korean Republic, India, Brazil and Russia also appearing on the list.

At least 21,000 cameras worldwide lack any authentication whatsoever, raising questions about invasions ofprivacy, and the impact IP cameras are having on the global uptick incyberwarfare.

Security camera passwords

All devices connected to the internet are in danger of being accessed by unknown and potentially malicious third parties. In the case of security cameras, threat actors can access the live feed, record sensitive personal data, and use the camera as a vulnerableendpointon a network.

Researchers forCyberNewsare concerned that all brands of camera it came across in its analysis have products in circulation that are permitted to function without changing the default password, or without one at all. Such brands include Hikvision, HIPCam, Cisco and Toshiba.

It’s not all bad news, though. The most popular camera manufacturers’ latest products are programmed, either by model or firmware version, to force users to set a password, orgeneratea unique one at random.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

96.4% of the camerasCyberNewsexamined belonged to these brands, but it’s worth highlighting that this doesn’t mean that 96% of connected cameras are benefitting from an uptick in protection.

Hardware devices often age, are depreciated by the manufacturer, and become ineligible for firmware updates, which can also push security patches. The vast majority of connected IP cameras aren’t going to be the newest models mandating, or at least recommending, healthy password security practices.

Where we are now is certainly an improvement from the results ofCyberNews’ research on this same topic last year, which found that only 5.3% of cameras mandated setting a password.

The world is gravitating towards cyberwarfare in the wake of the Russia-Ukraine conflict and China’s growing reputation as a surveillance supplier, withransomwareandDDoSattacks becoming especially common.

With that, there are growing fears surrounding how devices from popular IP camera brands, such as China’s Hikvision, could be used by state-sponsored threat actors.

CyberNewsreported that, until at least December 2022, Hikvision advertised “demographic profiling facial analysis algorithms” as part of its products on the company’s website, but that followingan investigationbyThe Guardian, the ads were removed.

Some western democracies have resisted the growing influence of foreign surveillance technology better than others in recent years.

Here’s our list of the best home security systems right now

Wi-Fi security flaws could let drones, attackers target you through walls

The journey to passwordless – it’s a marathon, not a sprint

In July 2019, the UK’s then-Prime Minister Theresa Maybacked downfrom her plan to allow Chinese company Huawei to assist in developing the country’s 5G infrastructure following US pressure. And in September 2020,The Guardianreportedthat Hikvision cameras, blacklisted in the US, were installed in UK leisure centres and, alarmingly, school toilets.

Things are, however, moving in the right direction.

In November 2022, the UKbannedChinese surveillance equipment from “sensitive” government sites, while the US’ Federal Communications Commission (FCC)adopted rulespreventing “communications equipment deemed to pose an unacceptable risk to national security” from being imported or sold in the country.

Luke Hughes holds the role of Staff Writer at TechRadar Pro, producing news, features and deals content across topics ranging from computing to cloud services, cybersecurity, data privacy and business software.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)