Every year the world gets “smarter”: smart homes, smart TVs, smart kettles… and, as a recent incident in South Korea proved, smart cameras that behave so stupidly you can hack them faster than you can open your refrigerator door.
South Korean police have arrested four individuals who gained unauthorized access to more than 120,000 home and commercial IP cameras. The case is already being called one of the largest in recent years - hardly surprising when half the planet still uses ultra-budget cameras with passwords like admin/admin. The ending, как говорится, было предсказуемо.
But let’s take it step by step.
How It Started: Four Hackers and Thousands of Easy Targets
According to the National Police Agency, the hackers didn’t work together as a gang. They each operated solo - but their methods were so similar you’d think they graduated from the same cybercrime school or simply exploited the same universal weaknesses of cheap cameras.
Among their favorite techniques:
- massive brute-forcing of factory passwords, from the classic 123456 to the philosophical password;
- exploiting outdated firmware that the manufacturer likely forgot how to compile years ago;
- connecting via unsecured P2P servers (a hacker’s version of a red carpet);
- scanning networks for open RTSP and HTTP ports;
- using web interfaces clearly designed not by an engineer but by a tired intern.
Some cameras even wouldn’t allow changing the default password without a firmware update. Firmware which, of course, nobody had touched since the Jurassic period - and the manufacturer had likely vanished from Earth long before the dinosaurs.
The Stolen Content: Numbers That Terrify the CCTV Market
Police discovered that just two of the arrested individuals were responsible for 62% of all illegal content posted on the foreign website where the videos were sold.
Here are the cold (and chilling) numbers:
- one hacker breached 63,000 cameras, created 545 videos, and earned 35 million won (≈ $23,800);
- another accessed 70,000 cameras, made 648 videos, and pocketed 18 million won (≈ $12,200).
Together, they produced nearly 1,200 videos, sourced from apartments, suburban homes, karaoke bars, yoga and pilates studios, hotels, offices, beauty salons, and — most disturbingly — gynecology clinics.
This is one of those moments when even the boldest marketers won’t dare say “a camera for home and office” without cringing.
Police Now Putting Out a Fire That Should’ve Been Prevented
Authorities have already identified 58 locations where compromised cameras were installed and personally notified the owners. Victims are being guided to:
- change their passwords (preferably to something not resembling qwerty);
- disable shady cloud services that promised “storage forever”;
- remove leaked content from the web;
- update firmware and close the unnecessary ports waving like an open invitation.
An international effort is also underway to block the website distributing the stolen videos and track down the operator, who is believed to be located outside South Korea.
Why This Happened: The Global Problem of Ultra-Budget IoT Cameras
The dramatic “how did this happen?!” question sounds emotional only to those unfamiliar with cameras sold for $10–15 on marketplaces under 30 different names.
Inside these devices, you’ll often find:
- factory passwords that cannot be changed;
- zero encryption for video streams - like the early 2000s all over again;
- open RTSP and ONVIF ports;
- P2P protocols that are insecure by definition;
- firmware older than most memes;
- identical MAC addresses across thousands of units;
- dozens of untraceable “brands” appearing and disappearing overnight.
All these “features” make cheap cameras not security devices but wide-open windows into their owners’ private lives.
Consequences: The CCTV Industry Is Being Forced to Grow Up
The South Korean incident is now widely discussed among CCTV manufacturers and integrators in Asia. Expectations include:
- mandatory password changes at first launch;
- strict limits or bans on unsecured P2P access;
- national registries of safe IoT devices;
- oversight for foreign cloud platforms;
- requirements for encryption and firmware updates.
The incident made it painfully clear: the mass adoption of budget IP cameras turns homes, offices, and even medical facilities into easy prey. Saving money feels smart — right until a video from your living room appears on an overseas forum.
The Main Lesson: The Era of Ultra-Cheap Camera Junk Should End
Yes, cheap cameras are tempting. But the price is often the only good thing about them.
Proper surveillance requires:
- regular firmware updates,
- real encryption,
- strong authentication,
- closed ports,
- no P2P-shaped holes in the system,
- and, most importantly, professional surveillance software that protects the entire ecosystem.
Because real CCTV software doesn’t just record video — it:
- works over secure protocols,
- disables unsafe camera features,
- monitors updates,
- detects suspicious connections,
- manages reliable local or cloud storage,
- and generally turns IoT chaos into something resembling actual security.
If we entrust cameras with our homes, workplaces, and medical spaces, they should at least be able to protect themselves. Surveillance stopped being a luxury long ago — but that doesn’t mean we should treat it like a toy.
The South Korean case is a painful but necessary reminder: security is never cheap - but hacking always is.