Compromised internet-connected cameras, previously exploited for botnet activities and prying eyes, have now emerged as critical military tools in recent conflicts. Forces from Russia and Ukraine have undertaken hacks of these cameras to collect intelligence, while Iran has utilized compromised devices for conducting targeted strikes. Notably, a collaborative mission between the United States and Israel reportedly relied on such connected devices during a successful operation that resulted in the assassination of Iran's leader.
In a recent development, Israel and the United States are said to have commandeered Iran's network of traffic cameras—utilized by the Iranian government for monitoring protests—to track the movements of Ayatollah Ali Khamenei prior to an airstrike that killed him on February 28. This information comes from recent reports by the Financial Times and the Associated Press. In retaliation, Iran is reportedly intensifying its efforts to surveil regions such as Israel, Qatar, Bahrain, Kuwait, the UAE, and Cyprus, according to a report from Israeli cybersecurity firm Check Point Software Technologies.
This strategic pivot underscores that attacks targeting IP cameras have advanced from mere demonstrations of vulnerabilities to the exploitation of these connected devices for intelligence purposes, as articulated by Noam Moshe, a lead vulnerability researcher at Claroty, a cyber-physical security company.
"There’s been a notable shift towards exploiting and controlling these devices not only for military and intelligence applications but also for propaganda and political disruption," he states.
Historically, compromising IP cameras was predominantly associated with showcasing the lax security of devices, forming botnets for cybercriminal activities, and facilitating invasions of privacy. However, the increasing utilization by nation-states as a cost-effective means to establish a presence in adversarial territories signals a pressing need for organizations to acknowledge this threat seriously, according to Sergey Shykevich, threat intelligence group manager at Check Point Research.
"Access to cameras provides attackers with direct visibility into targeted regions," he notes, emphasizing the critical error of leaving these devices unpatched when updates are available or neglecting to change default manufacturing credentials.
Eyes Inside
While attacks on cyber-physical systems have traditionally been deemed serious but often underappreciated—exceptions being notable incidents like the Stuxnet attack and the early phases of Russia's Ukraine invasion—the contemporary military utilization of IP cameras for precision targeting and damage assessment has significantly elevated their value to nation-states.
As the conflict between the United States and Israel against Iran continues, the Iranian regime is reportedly broadening its targeting scope to encompass private sector entities as well—a pattern previously observed—including industrial control systems like SCADA and PLCs, according to insights from Check Point's Moshe.
Rather than confining their focus to particular organizations within nations, Iran's proxies are expanding their searches for vulnerable cyber-physical devices, particularly IP cameras and industrial control systems, in select countries, he explains.
"We observe a significant transition to opportunistic attacks, where Iran and affiliated nations simply search for any exposed device linked to a targeted country," Moshe adds. "This trend increases the vulnerability of companies—less likely to be considered targets of nation-state attacks—who may inadvertently find themselves caught in the crossfire due to their exposed assets being situated in the 'wrong' country."
Consequently, according to research from Check Point, it is relatively uncommon for attacks to specifically target a nation's IP camera infrastructure.
Moreover, manufacturers of cameras and Internet of Things (IoT) devices have made strides in enhancing the security of their products. In contrast, the most frequently insecure devices online are those managed by consumers themselves, as articulated by Silas Cutler, a principal security researcher at Censys, an internet intelligence firm.
"Enterprise implementations, which are often deployed in large organizations or government sectors, are less common as these are generally managed within private networks," he reports.
Share this story