How Your CCTV Becomes a Hacker’s Spy

The proliferation of internet‑connected CCTV cameras has turned what were once isolated surveillance tools into a lucrative attack surface. Hackers rarely need sophisticated exploits; they simply log in with factory‑set passwords like "admin123" or "welcome" and gain unfettered access to live feeds. Research from Check Point shows incidents spanning Israel, the Gulf states and South Asia, underscoring that the vulnerability is not confined to any single market. This low‑effort entry point fuels a shadow economy where stolen footage—often sold for $9 to $50 per clip—feeds voyeuristic platforms and can be weaponized for espionage.

India’s experience illustrates how a single breach can trigger sweeping policy action. After authorities dismantled a ring that compromised 80 cameras across 20 states, the government issued a certification mandate for all internet‑connected CCTV devices effective April 1, 2026. The rule effectively bars foreign manufacturers lacking robust security, accelerating the rise of home‑grown brands such as CP Plus, Qubo and Matrix, which now command over 80% of the market. While the regulation raises the baseline security for new installations, it does little for the millions of legacy devices still in operation, leaving a large residual risk.

Security experts recommend a layered defense to protect surveillance infrastructure. Isolating cameras on dedicated VLANs, enforcing VPN or zero‑trust gateways, and disabling direct WAN access reduce lateral movement opportunities. Regular firmware updates, unique credentials, and retiring end‑of‑life units are essential hygiene steps. Moreover, organizations should consider on‑premise storage like Network Video Recorders instead of relying solely on cloud services, which can become single points of failure if compromised. As cyber‑espionage tactics evolve, adopting these best practices will be critical to safeguarding both privacy and national security.