
When Home Security Isn’t Safe: IoT Cameras Easily Hacked

Popular cameras used default passwords and unencrypted data transmission, and could enable a botnet attack.

Written By
Sue Walsh
Nov 3, 2016

Security firm Bitdefender says it has found what it calls critical security flaws in a line of IoT home security cameras used for surveillance and baby monitoring.

The cameras include a sound and motion detection system, two-way audio with a built-in microphone, and a MicroSD slot. The vulnerabilities could allow a hacker to spy on kids or anyone in range of the camera and could allow the device to be used in a DDoS attack such as the one that caused a major internet outage a few weeks ago.

“Anyone can use the app, just as the user would,” George Cabau, an anti-malware researcher with Bitdefender, said. “This means turning on audio, mic and speakers to communicate with children while parents aren’t around or having undisturbed access to real-time footage from your kids’ bedroom. Clearly, this is an extremely invasive device, and its compromise leads to scary consequences.”

The company identified three major problems with the cameras:

  • Users are not required to change the default password.
  • Network credentials are transmitted in plain text.
  • Data transmitted between the cameras, the apps used to watch the footage, and the company’s servers is not encrypted.

During configuration, the cameras also create a wireless hotspot that is fully open, with no password required. Furthermore, the cameras use MAC addresses to verify connections, allowing a hacker to set up a malicious device that could collect data such as user credentials simply by using a MAC address trusted by the cameras. Changing the default password would not be effective against such an attack, the company said.
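The MAC-address weakness described above, shown next to a keyed alternative. This is an added example, not code from Bitdefender or the camera vendor; the per-device secret provisioned at pairing, the HMAC-SHA256 challenge-response, and all names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SAMPLE_MAC = "02:00:00:aa:bb:01"   # constructed sample value
TRUSTED_MACS = {SAMPLE_MAC}

def weak_verify(claimed_mac: str) -> bool:
    """Identifier-only check: the MAC is supplied by the peer and is not a secret."""
    return claimed_mac.lower() in TRUSTED_MACS

def respond(key: bytes, mac: str, nonce: bytes) -> bytes:
    """Peer side: prove possession of the key without sending it."""
    return hmac.new(key, nonce + mac.encode(), hashlib.sha256).digest()

class ChallengeVerifier:
    """Hypothetical hardened check: the MAC only selects which key to test."""

    def __init__(self, device_keys: dict[str, bytes]):
        self._keys = device_keys
        self._pending: dict[str, bytes] = {}

    def challenge(self, mac: str) -> bytes:
        nonce = secrets.token_bytes(16)      # fresh per attempt
        self._pending[mac] = nonce
        return nonce

    def verify(self, mac: str, response: bytes) -> bool:
        nonce = self._pending.pop(mac, None)  # single use, so replays fail
        key = self._keys.get(mac)
        if nonce is None or key is None:
            return False
        expected = respond(key, mac, nonce)
        return hmac.compare_digest(expected, response)

def demo() -> dict[str, bool]:
    key = secrets.token_bytes(32)            # assumed to be set at pairing
    verifier = ChallengeVerifier({SAMPLE_MAC: key})
    results = {"mac_only_accepts_any_peer_using_mac": weak_verify(SAMPLE_MAC)}
    nonce = verifier.challenge(SAMPLE_MAC)
    answer = respond(key, SAMPLE_MAC, nonce)
    results["genuine_peer"] = verifier.verify(SAMPLE_MAC, answer)
    results["replayed_answer"] = verifier.verify(SAMPLE_MAC, answer)
    nonce = verifier.challenge(SAMPLE_MAC)
    wrong = respond(secrets.token_bytes(32), SAMPLE_MAC, nonce)
    results["same_mac_wrong_key"] = verifier.verify(SAMPLE_MAC, wrong)
    return results

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

A challenge-response like this only helps if the exchange that provisions the key is itself protected, which the open configuration hotspot described above would not provide.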

A hacker could also trick the device into executing malicious commands by sending an HTTP request to set up another NTP server. The cameras are not configured to verify it, so the hacker could crash the device, set it to send its data to a remote server, or add it to an IoT-fueled botnet.

Bitdefender said its policy is to withhold company identification to avoid damaging the brand. They said the company did respond to their notification and is working to fix the vulnerabilities.

Sue Walsh

Sue Walsh is News Writer for RTInsights, and a freelance writer and social media manager living in New York City. Her specialties include tech, security and e-commerce. You can follow her on Twitter at @girlfridaygeek.
