Since the outbreak of the war against Iran, Israel's National Cyber Directorate has identified persistent Iranian attempts to hack security cameras. These breaches target even simple home devices used by citizens to monitor pets or children. The directorate is currently notifying hundreds of owners, urging the public to change passwords and perform software updates to prevent risks to both national and personal security. Security cameras are omnipresent: positioned over community gates, in building lobbies, in children's bedrooms, and on almost every street corner. While intended to provide safety, they have become prime targets for hostile actors in recent days. Since the launch of Operation Roaring Lion last week, the National Cyber Directorate has detected over 40 incidents where private or public cameras were compromised by Iranian groups and other adversaries for intelligence gathering.
National security risk
Such breaches can severely jeopardize national security, as certain cameras allow attackers to monitor troop movements in public spaces, track missile impact points, and collect other sensitive data. Last week, the Financial Times reported that on the other side of the conflict, Israeli intelligence exploited a similar opportunity prior to the assassination of Iranian Supreme Leader Ali Khamenei by hacking nearly all traffic cameras in Tehran. In recent days, the National Cyber Directorate has identified a targeted Iranian effort focusing on these systems. Consequently, the agency—in coordination with other security authorities—is working to identify, block, and warn owners of vulnerable cameras, including businesses, local authorities, public bodies, and private individuals.
How cameras are compromised
The most common method of breach is the exploitation of built-in software vulnerabilities or simply logging in using default factory passwords. It is estimated that hundreds of thousands of such cameras are installed in Israel, most of which are either completely insecure or exposed to relatively simple hacking attempts. Dana Toren, head of operations at the National Cyber Directorate, stated: "Security camera owners must ensure they cannot be accessed directly via the internet, immediately change default passwords, update security software, and limit exposure to public spaces. Today, an insecure connection is not just a matter of privacy but of security, requiring responsible technological behavior."
Why hacking is easy
The primary reason is simple: laziness. Most users, both private and commercial, simply plug the camera in, check if they can see the image on their phone, and stop there. Manufacturers often facilitate this human weakness by enabling technologies like P2P (Peer-to-Peer) or UPnP by default, bypassing the home router's firewall and opening a "back door" to the internet. Additionally, many cameras in public spaces and small businesses suffer from what experts call "digital negligence": users fail to change the factory admin password, neglect software updates, or leave the camera accessible to anyone who knows its IP address. For a novice hacker, finding an insecure camera can take just a few minutes. Websites like Shodan scan the internet and map connected devices worldwide. A hacker can simply search for "Israel" along with a specific camera model to receive a list of thousands of exposed IPs. Other groups use automated bots that test thousands of username and password combinations until they find the correct ones. Many models also contain manufacturer backdoors or known bugs that allow for the complete bypass of password protection. Once a hacker gains control, they can not only monitor the feed but also use the camera as a "bridge" to infiltrate other computers on the same network—and in some cases, even create fake real-time video streams.
Cameras most at risk
The Israeli market is flooded with low-cost brands, which experts divide into three categories:
-
Highest Risk: Non-branded cameras, often sold on AliExpress, and products from Chinese companies Hikvision and Dahua, which face restrictions in the US and the UK due to security vulnerabilities and potential links to the Chinese government.
-
Home Cameras: Branded consumer names such as Xiaomi, TP-Link, and Eufy, which offer stronger security but rely heavily on cloud services.
-
High-Tech: Manufacturers such as Axis (Sweden), Hanwha Vision (Korea), and Bosch, which emphasize end-to-end encryption and frequent firmware updates.
How to protect yourself
Experts recommend the following steps:
-
Change the password: Use a unique, strong password for every camera.
-
Disable P2P and UPnP: If you do not need direct remote access, disable these options on both the device and the router.
-
Separate networks (VLAN): In businesses and smart homes, place cameras on a different network from devices containing sensitive data.
-
Enable Two-Factor Authentication (2FA): If the camera connects to an app, always use an SMS or authenticator app.
-
Disconnect when unnecessary: If the camera is not in use, disconnect it from the internet.
-
Check for updates: Install all security patches issued by the manufacturer.
www.bankingnews.gr
Σχόλια αναγνωστών