How to prevent intruders from compromising your IP camera and violating your family’s privacy
Monday, June 1, 2026
With summer just around the corner, high season is upon us. As people tend to travel a lot during this period, they often install IP cameras to keep an eye on the security of their premises while they're away. A camera is a reliable surveillance tool, but if configured improperly or handled carelessly, it may wind up spying on you rather than for you. Bear in mind that perpetrators don’t even need to pull off an elaborate Ocean’s Eleven-style heist—they need only to watch a couple of online video tutorials, peruse several threads on specialised forums, and practice for a bit.
In this Antivirus Times publication, we’re talking about the precautions you can take to avoid becoming an unwitting participant in an unwarranted reality show.
What is an IP camera
As the IP (Internet protocol) abbreviation suggests, an IP camera transmits its video surveillance feed over a network using the aforementioned Internet protocol. This is how it is different from an analogue camera, which relays a conventional video signal via a coaxial cable.
Because IP cameras can transmit digital data via Wi-Fi and the Internet, one can easily use them to monitor their premises remotely from their office desk or any other location. However, there is also a downside to this convenience, as someone else can gain access to an Internet-connected device if circumstances are favourable.
How IP cameras get compromised
A user connects to an IP camera by entering their login and password in an app on their desktop computer, laptop, or smartphone. The catch is that most devices of this type that are available on the market will provide their video stream in default format to anyone who requests it. One only needs to know the camera’s IP address, port, and login and password. And we’re not talking about the login and password that the owner habitually enters in the application they use. More often than not, the default access credentials will also get anyone connected. They usually look like these:
- admin/12345,
- admin/admin,
- admin/55555,
- admin/1234,
- user/user,
and other similar variations that are fairly easy to guess. Hundreds of thousands of devices around the world that are broadcasting right now have such access settings, and the IP camera in your closet may be one of them.
Now that we know the login and password, we only need to determine the IP address. And that should also be pretty easy to do, given that special search engines exist that automatically run through lists of IP addresses looking for a specific response and open ports. They include ZoomEye and Shodan. These search engines identify IoT devices, which include not just IP cameras but also routers, alarm systems, refrigerators, light bulbs, smart curtains and other gadgets. A search can be restricted to a specific area. The rest is just a matter of patience.
In most cases, IP cameras have Linux-based firmware, which has its own loopholes that can be exploited by an eager observer. The available options usually include: RCE (remote code execution), XSS (cross-site scripting) and CSRF (cross-site request forgery) attacks, and the ability to access the device without logging in when, for example, the user didn’t close the camera’s management page. They enable an attacker to compromise the device and gain access to your video feed.
Compromising cloud-based storage is yet another way of gaining unlawful entry. For a homeowner to be able to open the app on their smartphone and check on their pet cat, the video data must be stored somewhere, and that usually involves a cloud. If the server is not well protected, attackers can compromise it and gain access to the data of thousands of users.
And in some cases, a direct brute-force attack will also work. If the maximum allowed login attempts are not restricted in the IP camera settings, a perpetrator can use a special program or bot to automatically guess the password until a match is found.
The Anti-virus Times recommends
How to protect your device from attackers
- First, change the default login and password immediately after installing the camera, if the device allows you to do this. The password reset routine may vary depending on the manufacturer, and the option may sometimes be unavailable. So, it can be a good idea to ensure that the IP camera you’re choosing does offer this option before you buy it. The requirements for creating a strong password are pretty common: use numbers and upper- and lower-case letters, symbols, such as @, >, *, and punctuation marks.
- Enable a lockout after the maximum number of login attempts is exceeded. Some IP cameras offer this option: the camera will lock for a few minutes after 3, 5, or 7 failed attempts to sign in. This will complicate brute-force attacks.
- If you don’t need to connect to your IP camera remotely, disable the feature. For example, if you're back home, there’s no need to monitor the security situation from afar.
- Review the account list. It may include a guest or administrator account to provide remote access for support service engineers or legacy logins and passwords. Delete all of the accounts except the one you use.
- Ensure that authorisation is required by default.
- Keep firmware up to date. Manufacturers release updates to patch identified vulnerabilities, but they often need to be installed manually. Updates will help strengthen your security and privacy.
- Build a separate Wi-Fi network for smart devices. In this case, even if intruders manage to compromise the IP camera, they will not be able to reach any further and gain access to your personal computer or phone.
- Don't try to save money at the cost of your security, and never buy an excessively cheap camera from an obscure brand on AliExpress. Such low-end products are often shipped with remote access backdoors already embedded in their firmware.
- Exclude connections from arbitrary IP addresses. That way, your IP camera will only be accessible from specific addresses on your list.
- Use reliable antivirus software such as Dr.Web Security Space for mobile devices. It protects smartphones and tablets, as well as smart Android devices, from hacker attacks and unwarranted surveillance.
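
The lockout and address-restriction recommendations above, modelled as an added example (not from the original article or any camera vendor's firmware) to show how much they cut the number of password guesses that actually get checked. The LoginGate class, the 5-attempt/300-second policy, the 192.168.10.0/24 allowlist and the one-attempt-per-second rate are all assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed policy: the article mentions 3, 5 or 7 attempts and a lock of "a few minutes".
MAX_FAILURES = 5
LOCK_SECONDS = 300
ALLOWED_NETS = [ipaddress.ip_network("192.168.10.0/24")]  # constructed allowlist


class LoginGate:
    """Hypothetical login front end combining an IP allowlist with account lockout."""

    def __init__(self, max_failures=MAX_FAILURES, lock_seconds=LOCK_SECONDS,
                 allowed=ALLOWED_NETS):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.allowed = allowed
        self.failures = defaultdict(int)  # account -> consecutive failed attempts
        self.locked_until = {}            # account -> time (s) at which the lock ends

    def attempt(self, now, src_ip, account, password_ok):
        """Return 'rejected_ip', 'locked', 'fail' or 'ok' for one attempt at time now."""
        addr = ipaddress.ip_address(src_ip)
        if not any(addr in net for net in self.allowed):
            return "rejected_ip"          # never reaches the password check
        if now < self.locked_until.get(account, 0):
            return "locked"               # password is not evaluated while locked
        if password_ok:
            self.failures[account] = 0
            return "ok"
        self.failures[account] += 1
        if self.failures[account] >= self.max_failures:
            self.locked_until[account] = now + self.lock_seconds
            self.failures[account] = 0
        return "fail"


def guesses_evaluated(gate, src_ip, account, duration):
    """Count wrong passwords that are actually checked at one attempt per second."""
    return sum(
        gate.attempt(t, src_ip, account, password_ok=False) == "fail"
        for t in range(duration)
    )


if __name__ == "__main__":
    hour = 3600
    print("lockout on :", guesses_evaluated(LoginGate(), "192.168.10.50", "admin", hour))
    print("lockout off:", guesses_evaluated(LoginGate(max_failures=10**9),
                                            "192.168.10.50", "admin", hour))
    print("outside IP :", guesses_evaluated(LoginGate(), "203.0.113.7", "admin", hour))
```

Because the lock in this sketch is keyed to the account, the owner is also locked out while guessing continues, which is one more reason to pair lockout with the address restriction.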
