Global Surge in Security Camera Hacking Amidst Rising Military Conflicts

For decades, surveillance tools like satellites and drones have been integral to military reconnaissance. However, the advent of inexpensive, insecure, Internet-connected consumer devices has introduced a new dimension to military intelligence: the hacking of security cameras. These devices, often installed in homes or on city streets, provide militaries with a cost-effective means to gather intelligence on potential targets.

Recent research by Tel Aviv-based security firm Check Point highlights numerous hacking attempts targeting consumer-grade security cameras across the Middle East. These attempts coincided with Iran's missile and drone strikes on countries such as Israel, Qatar, and Cyprus. Check Point attributes some of these hacking efforts to a group linked to Iranian intelligence, suggesting that Iran's military may be using civilian surveillance cameras to identify targets, plan attacks, or assess damage from retaliatory strikes.

This tactic is not unique to Iran. Earlier reports indicated that the Israeli military, in collaboration with the CIA, accessed nearly all traffic cameras in Tehran to facilitate an airstrike that killed Iran's supreme leader, Ayatollah Ali Khamenei. Similarly, in Ukraine, officials have long warned of Russian hacks on consumer surveillance cameras to target strikes and monitor troop movements, while Ukrainian hackers have reportedly used Russian cameras for similar purposes.

The exploitation of networked civilian cameras is becoming a standard military practice worldwide, providing direct visibility at a fraction of the cost of traditional military surveillance methods. Sergey Shykevich, head of threat intelligence research at Check Point, notes that hacking cameras offers significant value for military operations due to its simplicity and effectiveness.

Check Point's research identified attempts to exploit five vulnerabilities in Hikvision and Dahua security cameras, which could have allowed hackers to take control of these devices. These vulnerabilities, although patched in previous software updates, persist due to users' failure to install updates. The hacking attempts were notably timed with US and Israeli airstrikes on Iran, and Check Point linked them to three groups believed to be of Iranian origin, including the hacker group Handala.

Evidence of similar Iranian targeting of cameras dates back to last June during a previous conflict with Israel. Israeli cybersecurity officials have warned of Iranian hackers using civilian camera systems to target Israelis, including an incident involving a street camera near the Weizmann Institute of Science.

The joint US and Israeli operations against Iran, including the assassination of Khamenei, have demonstrated the extent of Israel's penetration into Tehran's camera systems. Israeli intelligence reportedly used real-time data from traffic cameras to track Iranian security personnel's movements.

The strategic use of hacked civilian cameras first gained prominence during Russia's war in Ukraine. Ukrainian authorities reported Russian hacks on security cameras in Kyiv to gather intelligence on infrastructure and air defenses. In response, Ukraine's SSU intelligence service disabled thousands of Internet-connected cameras to prevent their use by Russian forces, urging citizens to halt online broadcasts from their devices.