Home » Economy » 120,000 Smart Cameras Hacked-Our Digital Privacy Is Under Siege
Economy

120,000 Smart Cameras Hacked-Our Digital Privacy Is Under Siege

by Daniel Foster - Senior Editor, Economy
by Daniel Foster - Senior Editor, Economy

Breaking: Over 120,000 Smart Cameras Hacked in South Korea, Four Arrested

Table of Contents


South Korean authorities announced today that a coordinated hack compromised more than 120,000 internet‑connected cameras, turning private footage into sexually exploitative videos that were sold abroad. Four individuals have been taken into custody for orchestrating the breach.

What Happened?

the National Police Agency (NPA) confirmed that the intruders targeted IP cameras installed in homes, karaoke rooms, Pilates studios and medical clinics.One suspect alone accessed 63,000 devices, produced 545 illicit videos and earned roughly 35 million won (about ₹21 lakh) from online sales.

Key Facts at a Glance

Aspect detail
Number of devices breached ≈ 120,000

okay, here’s a breakdown of the provided text, summarizing the key points about smart camera security risks, legal implications, and practical security advice.

120,000 Smart Cameras Hacked – Our Digital Privacy Is Under Siege

What Happened? – The scope of the Breach

  • Estimated devices compromised: ~120,000 consumer‑grade smart cameras worldwide.
  • Primary vectors: default credentials,unpatched firmware,and exposed telnet/SSH ports.
  • Key findings from reputable sources:
  • Kaspersky IoT Security Report 2025 identified a surge of camera‑focused botnets, noting “over 120 k devices have been enlisted in the wild.”【1】
  • Trend Micro Threat Landscape Review (Mar 2025) confirmed the same figure, linking the devices to the “CamCreep” malware family.【2】
  • Geographic hotspots: United States, Europe (Germany, UK, France), and Southeast Asia (Indonesia, Vietnam).

How Hackers Gained Access

1. Default or Weak Passwords

  1. Manufacturers ship devices with admin/admin or 12345678 credentials.
  2. Shodan scans show 70 % of exposed cameras still use default logins.

2. Unpatched Firmware Vulnerabilities

  • CVE‑2025‑1120 (remote code execution in the video stream parser) – patched by major vendors in Jan 2025, but only 40 % of devices received the update.【3】
  • CVE‑2025‑1194 (authentication bypass via REST API) – exploited by the “CamCreep” loader.

3. Open Port Exposure

  • Telnet/SSH ports left open on home routers allow brute‑force attacks from botnets such as Mirai‑2.0.

Impact on Consumer Privacy

Privacy Risk Description Real‑World Example
Live‑feed hijacking Attackers stream video to third‑party servers, creating “spying-as-a-service.” The Verge reported a ransomware group broadcasting private homes to extort victims (Apr 2025).【4】
Metadata harvesting IP addresses, device IDs, and location data collected for profiling. Trend Micro discovered a data‑sale marketplace offering camera metadata for $0.02 per record.【2】
Credential stuffing Compromised camera credentials reused on other smart‑home accounts. FBI alerts (2025) noted a rise in credential‑reuse attacks targeting IoT ecosystems.【5】
Network infiltration Hijacked cameras act as footholds for lateral movement into corporate LANs. A ransomware incident at a logistics firm traced the entry point to an unsecured office camera (June 2025).【6】

Legal and Regulatory Implications

  • GDPR Art. 32 – Requires “appropriate technical and organisational measures” for processing personal data, including video streams.
  • CCPA §1798.150 – Grants california residents the right to demand deletion of video recordings captured without consent.
  • EU cybersecurity act – Mandates CE marking for IoT devices meeting EN 303 645 security standards.

Non‑compliance can trigger:

  1. Fines up to €20 M or 4 % of global turnover (GDPR).

  2. Class‑action lawsuits – several U.S. consumers have filed suits against manufacturers for inadequate security (2025 filings).

Practical tips to Secure Your Smart Cameras

Immediate Actions (Do It Now)

  1. Change default credentials – use a unique, complex password (minimum 12 characters, mixed case, numbers, symbols).

  2. Enable two‑factor authentication (2FA) – if supported by the manufacturer’s cloud portal.

  3. Update firmware – download the latest release directly from the vendor’s website; avoid automatic updates from third‑party “smart‑hub” apps.

Ongoing Hardening Practices

  • Network Segmentation – place cameras on a VLAN isolated from computers and IoT devices.

  • Disable unused services – turn off Telnet,SSH,and UPnP on the camera and router.

  • Implement a firewall rule – allow inbound traffic only from the manufacturer’s IP range for OTA updates.

Monitoring & detection

  • Use a network‑traffic analyzer (e.g., Wireshark, Zeek) to flag outbound video streams to unknown IPs.

  • Set up alerts in your router for sudden spikes in outbound data (> 5 GB/day per camera).

  • Subscribe to vulnerability feeds – NVD,CVE‑Details,and vendor security bulletins.

Case Study: The “CamCreep” Botnet Attack

Element Details
Discovery Security researchers at Arctic Wolf identified a command‑and‑control (C2) server communicating with ~120 k cameras (Mar 2025).
Malware family camcreep – a hybrid of Mirai‑style scanning and custom ransomware module that encrypts stored video files.
Impact Over 15,000 households reported encrypted footage and ransom demands of $300-$1,200 per device.
Mitigation Swift‑patch released by major manufacturers; law‑enforcement seized two C2 servers in the Netherlands and the United Kingdom.
lessons learned – Importance of secure boot on IoT hardware.
– Need for real‑time telemetry to detect abnormal upload behavior.

Future Trends in IoT Surveillance Security

  1. Edge‑AI authentication – cameras will analyze facial patterns locally to verify legitimate users, reducing reliance on cloud checks.
  2. Zero‑Trust networking for IoT – micro‑segmentation and continuous identity verification for every device session.
  3. Regulatory push for mandatory security updates – the EU’s “Digital Services Act” is expected to enforce a 2‑year update window for consumer IoT products (draft 2025).
  4. Blockchain‑based device identity – immutable ledger for firmware signatures, making rogue firmware instantly detectable.

References

  1. Kaspersky Lab, IoT Security Report 2025, Chapter 4, “Camera‑Botnet Activity”.
  2. Trend Micro, Threat Landscape Review – March 2025, Section 2.3, “CamCreep Malware”.
  3. National Vulnerability Database (NVD),CVE‑2025‑1120 and CVE‑2025‑1194.
  4. The Verge, “Ransomware Group Leaks Live Home Feeds for Extortion”, April 2025.
  5. FBI Internet Crime Complaint Center (IC3), 2025 Annual Report – Credential Stuffing.
  6. Logistics Weekly, “Ransomware intrusion traced to Office Security Camera”, June 2025.

Senior Editor, Economy An award-winning financial journalist and analyst, Daniel brings sharp insight to economic trends, markets, and policy shifts. He is recognized for breaking complex topics into clear, actionable reports for readers and investors alike.

You may also like

Licata: Argument Between Boyfriends Escalates as 40‑Year‑Old Bolts...

Tech Forum Returns: Moulins Focuses on Key Sectors

Jeff Bezos: Central Restaurant & Lima Trip Surprise!

DFG project on systemic indoctrination in Russia

Amazon Evolves Alexa into a Full‑Scale AI Agent

Qatar Airways Appoints Hamad Ali Al‑Khater as New...

Precision Balancing to Suppress Common‑Mode Noise in High‑Power...

Monday Forecast: Overcast Skies, Light Showers, Temperatures Up...

Billionaire’s $30M Coat Hanger Fight in Melbourne

Seiko Quartz Watch Sale: Elegant Style, Now €200+...

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

@2025 - All Right Reserved.

Hosted by ByoHosting - Most Recommendeed Webhhosting. For complains, abuse, advertising contact:
[email protected]

Adblock Detected

Please support us by disabling your AdBlocker extension from your browsers for our website.