Hacking Security Cameras Emerges as a New War Tactic
▼ Summary
– Militaries are increasingly hacking insecure consumer security cameras to conduct surveillance and reconnaissance, adding a cheap and accessible tool to their arsenal.
– Recent hacking attempts on cameras in the Middle East, attributed to an Iranian-linked group, were timed to coincide with Iranian missile strikes and US/Israeli air strikes.
– This tactic is now standard; Israel reportedly used Iranian traffic cameras for targeting, and both Russia and Ukraine have hacked cameras in their conflict.
– The exploited vulnerabilities in brands like Hikvision and Dahua are old and patched but persist because camera owners rarely install software updates.
– Check Point’s research links the campaign to Iranian groups, noting the activity provides direct, high-resolution visibility at low cost compared to military means.
The landscape of modern warfare is rapidly evolving, with hacking consumer security cameras emerging as a powerful new reconnaissance tactic for militaries worldwide. Instead of relying solely on satellites or drones, armed forces are now exploiting the vulnerabilities of inexpensive, internet-connected devices to gain a direct visual line on potential targets from thousands of miles away. This shift represents a significant change in how intelligence is gathered and strikes are planned in contemporary conflicts.
Recent research highlights this disturbing trend. A security firm based in Tel Aviv has documented hundreds of attempts to hijack consumer-grade security cameras across the Middle East. Many of these incidents coincided with recent missile and drone strikes, suggesting the cameras were targeted to help plan attacks or assess damage. The firm attributes some of this activity to a hacker group with known links to Iranian intelligence, indicating a state-sponsored effort to turn civilian surveillance networks into military assets.
This tactic is not exclusive to any one nation. Reports indicate that Israeli military intelligence, in cooperation with foreign agencies, previously accessed traffic cameras in a major foreign capital to aid in targeting a significant airstrike. Similarly, in the ongoing conflict in Eastern Europe, officials have long warned that Russian operatives have compromised surveillance cameras to monitor troop movements and guide strikes. Conversely, Ukrainian hackers have reportedly commandeered Russian cameras to surveil their own forces.
The appeal for military planners is clear. Hijacking these devices provides direct, high-resolution visibility without the enormous cost of satellites or specialized drones. A threat intelligence researcher explains that it has become a standard part of the playbook for military activity. The process offers excellent value for the effort involved, making it a straightforward option for any attacker planning operations.
In the latest observed campaign, hackers attempted to exploit five known vulnerabilities in popular brands of security cameras. These flaws, while patched by the manufacturers years ago, remain effective because device owners rarely install software updates. The attempts were concentrated in several Middle Eastern countries and were notably timed to periods of heightened military activity and regional protests.
The hacking attempts have been linked by researchers to three distinct groups believed to originate from Iran, based on their infrastructure. Some of the servers used have been previously associated with a specific Iranian cyber group identified by multiple cybersecurity firms as working for that nation’s intelligence ministry. This connection further underscores the state-level coordination behind these intrusions.
This new reality means that the millions of insecure cameras installed in homes and on city streets globally have inadvertently become potential instruments of war. Their widespread vulnerability offers a cheap, accessible window into conflict zones, transforming everyday consumer technology into a geopolitical tool with serious consequences for global security.
(Source: Wired)
