148
40K IoT cameras worldwide stream secrets to anyone with a browser. (www.bitsight.com)
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]
17 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] [email protected] 17 points 1 month ago

It would be nice to know what brands or models are most vulnerable.

[-] [email protected] 13 points 1 month ago* (last edited 1 month ago)

What this is talking about is not really about the brand or model, its just about them being misconfigured. These cameras were exposed to the internet with either default credentials or no authentication.

Theres very few good reasons to expose a camera to the internet at all, just access it over a VPN. If for some reason someone really needs to access it over the internet (I genuinely cannot think of any), then they should put some proper authentication in front of it.

[-] [email protected] 3 points 1 month ago

An IP camera may stay in use for a decade or more without any firmware updates. You shouldn't trust any sort of authentication that's built into the camera to be secure. Keep them on an isolated LAN and only allow access from the server that's running the DVR software.

[-] [email protected] 7 points 1 month ago* (last edited 1 month ago)

Any camera you expose to the internet with no protection is vulnerable. The issue is just that they're accessible over the internet without a password.

Follow best practices by keeping your cameras on a separate VLAN that's isolated from the internet, and you'll be fine. Use a VPN like Tailscale to view your cameras while away.

this post was submitted on 10 Jun 2025
148 points (96.8% liked)

Technology

73287 readers
3890 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]