Over 6,000 Surveillance Cameras in Russia Exposed with Publicly Accessible Data
Approximately 6,300 surveillance cameras at power plants, industrial facilities, gas stations, and in smart home systems across Russia have been found to be vulnerable, according to a report by Kommersant citing Avast and data from the Internet of Things search engine Shodan.io. These cameras have open IP addresses, making them accessible to anyone.
“Most of these cameras can be accessed without a username or password, or the password is set to the default,” Avast explained. Access to some cameras, including those in banks, is protected by the simplest passwords that are easy to guess, confirmed the company “Internet Rozysk.” With cameras that have open IP addresses, it is possible to set up an illegal surveillance or analytics system, and if facial recognition modules are added, it could become a system of total surveillance.
If vulnerable surveillance cameras are installed at home, hacking them threatens the loss of privacy, other sources told the publication. Data collected from cameras in both commercial and government organizations can be considered personal information. This data can be used to determine a person’s location. Experts believe such information could be sold for advertising purposes.
According to Shodan.io, Russia ranks fifth in the world for the number of surveillance cameras with open IP addresses. The top four are Vietnam, Taiwan, South Korea, and the United States. Worldwide, about 124,000 cameras have this vulnerability.
Russia also currently ranks third globally in the number of installed surveillance cameras, according to Telecom Daily. At the same time, data leaks from city cameras have occurred repeatedly. In September of last year, “RosKomSvoboda” filed a lawsuit demanding that Moscow authorities stop the operation of the city’s facial recognition system, since detailed data on people’s movements could easily be purchased on the dark web. Prior to this, the publication conducted its own monitoring of the black market for data to assess whether the situation with leaks from the “Safe City” cameras and Moscow’s facial recognition system had improved. They found that officials had still not stopped data leaks from Moscow’s cameras.