Default passwords make IP cameras surprisingly easy to hack


Following the recent breach of the startup Verkada, which allowed hackers to access thousands of security cameras, including in jails and even Tesla offices, CyberNews decided to conduct its own investigation to find out if there are more public-facing cameras that can be easily accessed.

To conduct its research, the news outlet analyzed cameras connected to the internet worldwide made by the 30 most recognized manufacturers. In the end, CyberNews found 380,000 remote-access cameras with 27 brands selling their products with default credentials.

The exposed cameras it discovered online are all CCTV/IP cameras that can be used for CCTV surveillance both outdoors and indoors. This means that they could be recording everything from a remote parking lot or warehouse to a smart doorbell or baby camera.

What shocked CyberNews the most is the fact that the vast majority of these devices shipped with default credentials which, if not changed before use, can leave them open for anyone to view. Default passwords from top IP camera manufacturers are just an online search away, and even those with few technical skills could potentially access these cameras.

Exposed IP cameras

When it came to the countries with the highest number of public-facing cameras, the US topped the list followed by Germany with over 50,000 cameras while China came in third with just over 25k.

CyberNews' research indicates that the Chinese camera manufacturer Hikvision has the largest number of public-facing cameras online, and the news outlet identified 124,000 of the company's cameras in use worldwide. However, the company does not ship its devices with default passwords, according to a company spokesperson who reached out to TechRadar Pro over email, saying:

“As a leading manufacturer of security cameras, Hikvision does not deliver cameras with a default password, and we have full implementation of a secure-by-design production process.”

The US-based manufacturer HIPCam came in second on the researcher's list with at least 85,000 cameras connected to the internet. CyberNews also identified over 73,000 public-facing cameras from the Taiwanese manufacturer D-Link.

To avoid being spied on online, both businesses and consumers should immediately change the default passwords of their security cameras after purchasing a new device. If you're unable to create a strong, complex password on your own, you can always use a password generator to create one for you, and many password managers now include this capability as well.

Via CyberNews

Anthony Spadafora

