Skip to main content

Modat Maps Internet-Exposed RTSP Video Services With Live Access Without Authentication

Modat published research mapping internet-exposed RTSP video services and reported that hundreds of thousands of exposed endpoints delivered live video without authentication. The results describe how open RTSP feeds appeared across a large number of countries and included services beyond camera devices.

The study used Modat Magnify to identify RTSP services globally, then verified which endpoints responded and whether they returned video without credentials. Modat said the research addressed exposures observed through internet scanning rather than a device-specific view focused only on cameras.

Researchers identified 973,819 active RTSP services across 210 countries in March 2026. Each service was verified for live responsiveness and tested for unauthenticated access; 8,074 returned a live frame with no credentials required. Modat said authentication is part of the RTSP specification, but ships disabled on most devices.

Modat reported that exposure was not confined to the default port, noting that 43.9% of the surface sat on other ports so detection built around port 554 missed nearly half the footprint. It also reported that more than a third of fingerprinted services were not camera devices, including media frameworks such as GStreamer. The company documented examples including monitoring of high-voltage equipment, the interior of a server facility, a SCADA water-treatment dashboard, and a single device exposing 358 live feeds, and said one in five viewable streams sat in a conflict-affected country.

“An unauthenticated video stream is operational intelligence, not a privacy nuisance,” said Soufian El Yadmani, CEO of Modat. “Layout, staffing patterns and blind spots are visible before any exploitation takes place, and treating this as a camera problem misses the point. In March 2026, CNN reported that Israel had hacked Tehran's traffic cameras years before its strikes on Iran to build targeting intelligence. The feeds were simply open. Most of what we found can be secured in minutes by requiring authentication and routing access through a VPN.”

Modat said additional detail, methodology, and case studies were provided in the full research posted at https://www.modat.io/post/exposed-rtsp.

Provided by Globe Newswire on behalf of MoData. Click to read original content.