Insecure CCTV camera configuration leads to 73,000 private cameras visible to anyone!

The website Insecam is doing just that, streaming footage from approximately 73,000 Internet-connected IP cameras around the world. The majority appear to be from cameras running default security settings (like using “admin1” or “password” as a password). There’s are streams from over 11,000 cameras in the United States alone, with tens of thousands of others from places like Brazil, Japan, and the Czech Republic.


How has this happened? IP cameras have been installed and then exposed on the internet without taking adequate security precautions.

What are adequate precautions? This is a complete area but the basics are as follows

  1. If you don’t have a very good reason, don’t exposure your CCTV cameras on the internet. Keep them behind a correctly configured firewall.
  2. Remove or change the password to default accounts. Our recommendation for devices that are exposed on the internet is to use a password of 16 characters minimum.
  3. Correctly configure the device to exposes the minimum feature set possible thus reducing your exposure.
  4. Patch the device regularly. Monthly or quarterly is best.

In short, be very concerned if at any time you are required to punch a hole in your internet firewall OR configure port forwarding. These are insecure practices and should be avoided.

We at Silverstar Analytics take security very seriously and our cloud solution works in conjunction with CCTV cameras within your networks without requiring such insecure configurations.

One thought on “Insecure CCTV camera configuration leads to 73,000 private cameras visible to anyone!

  1. Pingback: Retailers: Is your infrastructure secure? Insecure by default is still a major problem. | Silverstar Analytics

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s