When Your Own Eyes Turn Against You: How Compromised Security Cameras and IoT/OT Devices Become Tools for Your Attackers

TL;DR

Security cameras, IoT, and OT devices that are meant to protect us are easily compromised and turned against defenders, enabling nation-state reconnaissance (Iranian hacks on Hikvision/Dahua cameras during strikes, Russian webcam abuse in Ukraine), espionage via exposed live feeds, ransomware pivots (Akira group bypassing EDR), massive botnets (Mirai/Eleven11bot), and physical disruption. Structural weaknesses like default credentials, poor patching, internet exposure, supply-chain risks and espionage by design make them ideal attacker tools, especially since they can't receive endpoint security agents. Zero Trust Connectivity (ZTc) solves this by enforcing network-level Zero Trust: it blocks unauthorized connections before they form, requires no endpoint agents, prevents lateral movement, and supports decentralized deployment with sovereign data custody, giving defenders a powerful way to secure all devices without traditional detection or centralized decryption. In short, the watcher must be properly isolated at the network layer. In cybersecurity, the watcher must be watched most closely of all.

Turning Defense Technology Against the Defenders

We live in an era where security cameras, smart sensors, industrial controllers, and other Internet of Things (IoT) and Operational Technology (OT) devices are deployed everywhere, from traffic poles, corporate boardrooms and factory floors to homes and critical infrastructure. They are meant to watch, alert, and protect. Yet when attackers gain control, these very devices become potent weapons in their hands: silent observers feeding real-time intelligence, hidden pivots into protected networks, launchpads for massive distributed denial-of-service (DDoS) attacks, or even tools for physical disruption and espionage.

The problem is structural. Many IoT and OT devices ship with default credentials, receive infrequent (or no) firmware updates, lack proper network segmentation, and are exposed directly to the internet. Even in well-managed IoT and OT deployments, the supply chain is an additional attack vector. Even where defenders patch devices to the latest firmware, attackers could still turn the equipment against them by pushing compromised firmware to the devices.

Once breached, they grant attackers low-effort footholds. From there, the devices can be repurposed for reconnaissance, lateral movement, data exfiltration, or amplification of larger campaigns. In OT environments, where these devices increasingly converge with IT networks, a single compromised camera or sensor can open the door to industrial control systems (ICS) that manage physical processes. Cyber as a warfare domain could be the area where underfunded or outgunned adversaries can cause the most damage.

Security researchers and government agencies have repeatedly warned against these risks, but the threat is no longer theoretical. Adding to the complexity, no endpoint agent can be deployed on these devices, and a single compromised device could be the only connection point the attackers need to advance their attack.
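Because these devices cannot run an endpoint agent, the check has to happen on the network. The following is an added example, not part of the original article and not a description of any product: it audits flow records from a camera segment against a default-deny allowlist. The address ranges, allowlist entries and flow lines are constructed assumptions.

```python
import csv
import io
import ipaddress

CAMERA_NET = ipaddress.ip_network("10.20.0.0/24")    # assumed camera VLAN
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")    # assumed site address space
# Assumed allowlist: the only flows a camera may initiate. Everything else is denied.
ALLOWED = {
    ("10.20.0.10", "tcp", 443),   # hypothetical video recorder
    ("10.20.0.2", "udp", 123),    # hypothetical internal NTP server
}

# Constructed flow records: time, initiator, destination, protocol, destination port.
SAMPLE_FLOWS = """\
2026-03-01T10:00:01Z,10.20.0.31,10.20.0.10,tcp,443
2026-03-01T10:00:05Z,10.20.0.31,10.20.0.2,udp,123
2026-03-01T10:02:11Z,10.20.0.32,203.0.113.50,tcp,443
2026-03-01T10:02:40Z,10.20.0.32,10.30.0.5,tcp,445
2026-03-01T10:03:02Z,10.20.0.33,10.20.0.31,tcp,23
2026-03-01T10:03:30Z,10.30.0.7,10.30.0.5,tcp,445
"""

def classify(src, dst, proto, dport):
    """Return None for permitted or out-of-scope flows, else a violation label."""
    if ipaddress.ip_address(src) not in CAMERA_NET:
        return None                       # not initiated by a camera
    if (dst, proto.lower(), int(dport)) in ALLOWED:
        return None                       # explicitly permitted
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip in CAMERA_NET:
        return "camera_to_camera"         # device-to-device spread inside the segment
    if dst_ip in INTERNAL_NET:
        return "lateral_movement"         # camera reaching into another internal segment
    return "internet_egress"              # camera initiating a connection off-site

def audit(flow_csv):
    """Return (time, src, dst, proto/port, label) for every flow outside the allowlist."""
    findings = []
    for ts, src, dst, proto, dport in csv.reader(io.StringIO(flow_csv)):
        label = classify(src, dst, proto, dport)
        if label:
            findings.append((ts, src, dst, f"{proto}/{dport}", label))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding)
```

In an enforcing deployment the same allowlist would drive the block decision at the network layer; here it only reports what would have been denied.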

In the light of defending against abuse of security cameras, the following are important aspects to consider:

State Actors Weaponize Cameras for Battlefield Intelligence
In March 2026, researchers at Check Point documented hundreds of hacking attempts by Iranian-linked threat actors targeting internet-connected Hikvision and Dahua IP cameras across Israel, Bahrain, Cyprus, Kuwait, Lebanon, Qatar, and the UAE. The attempts were timed to coincide with Iranian missile and drone strikes, suggesting the cameras were being hijacked for real-time reconnaissance—spotting targets, assessing damage, or guiding follow-on kinetic operations. The attackers exploited known vulnerabilities in the cameras’ firm

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from Security Boulevard