Skip to main content

Modat Maps Internet-Exposed RTSP Video Services Accessible Without Authentication

Modat, an internet intelligence company based in Europe, published research that mapped internet-exposed RTSP video services and measured how many could be accessed without authentication. The report ties those findings to risks created when video streams operate with open access.

Using its Modat Magnify platform, Modat said researchers identified 973,819 active RTSP services across 210 countries in March 2026. The team verified live responsiveness and tested for unauthenticated access as part of the study.

Modat reported that 8,074 services returned a live frame without credentials, describing authentication as part of the RTSP specification that ships disabled on most devices. The company also said exposure was not limited to the default port of 554; it reported 43.9% of the surface on other ports and stated port 554 detection would miss nearly half.

The research described that the open feeds included devices beyond cameras and referenced more than a third of fingerprinted services as not camera devices, including GStreamer. Modat said it documented streams such as thermal array monitoring of high-voltage equipment, the interior of a server facility, a SCADA water-treatment dashboard, a device exposing 358 live feeds, and that one in five viewable streams sat in a conflict-affected country. The company added that within a wider set of 3.36 million RTSP endpoints in Modat Magnify, 797,153 hosts showed an open stream alongside a known vendor login page, with others showing industrial control system or SCADA fingerprints on the same host.

“An unauthenticated video stream is operational intelligence, not a privacy nuisance,” said Soufian El Yadmani, CEO of Modat. “Layout, staffing patterns and blind spots are visible before any exploitation takes place, and treating this as a camera problem misses the point. In March 2026, CNN reported that Israel had hacked Tehran's traffic cameras years before its strikes on Iran to build targeting intelligence. The feeds were simply open. Most of what we found can be secured in minutes by requiring authentication and routing access through a VPN.”

Modat said the full research, including methodology and case studies, was published online.

Provided by Globe Newswire on behalf of MoData. Click to read original content.