A hacker wearing a mask

There’s a website called Insecam where you can peruse live footage from tens of thousands of IP security cameras around the world. Bedrooms, living rooms, porches, kids’ rooms — all on view 24/7, all without their owners’ knowledge or consent.

If you’ve ever wondered if such a scenario is possible, the answer is a resounding “Yes.” Your security camera can be hacked.

The mind behind Insecam says he created the website to show us how vulnerable our smart devices are. But if you’re a homeowner with a Google Nest cam in every room in the house, I’d wager you don’t care why he does it. You’re just wondering how he does it. Fair question. I’ll show you how in a second.

Just how many security camera hackers are operating today is difficult to say. We’ve seen stories like the Texas couple we reported on who woke one night to the sounds of a predator growling at their 4-month-old through a hacked baby monitor. (Here’s how to stop baby monitor hacks, by the way.) Or the growing number of pervs planting spy cams in our hotel rooms and vacation rentals.

Safe to say, there’s no shortage of goons out there making us feel violated and helpless in our own houses using the very home security cameras we’ve installed to protect ourselves. The good news is, nine times out of 10, you can put a stop to these peeping Toms pretty easily.

Did You Know? In 2021, a Swiss white-hat hacker named Tillie Kottmann hacked into 150,000 commercial Verkada security cameras, including cameras in hospitals, schools, police departments, and prisons.1

How Can My Security Camera Get Hacked?

Security cameras are like every piece of security tech we bring into our homes. They make our lives safer, but they’re also vulnerable to attack. How vulnerable boils down to two factors: how seriously the manufacturer takes security, and how seriously we take it. In the worst case scenario, we buy shoddy, no-name security equipment, take no precautions, and easily fall victim to one of the following three common attacks:

  1. A hacker buys our credentials off the dark web after a breach and uses them to access our cameras because we reuse passwords.
  2. A creep hacks into our cameras because we’ve used weak passwords or haven’t changed our default login credentials.
  3. A criminal hacks into our cameras because we haven’t installed the latest security patches or because our cameras aren’t using strong encryption.

If this sounds abstract, here’s how it could all come together in the real world.

Let’s say a hacker tracks down the IP address of your bargain-basement camera using a network scanner like Angry IP Scanner. They’ll take that IP address and use it to log in to the camera’s back end. If you haven’t changed the default username or password, they’ll type in those credentials (which can be found online), and voilà, they’re spying on you in your living room.

To be clear, it isn’t quite as easy as I’ve made it sound, but that’s the gist. IP camera hacking doesn’t require an advanced degree in cybercrime.

FYI: According to a 2018 study, less than 1 in 5 of us changes the default login credentials for our routers and devices.2

How Can I Prevent Criminals from Hacking My Security Cameras

We know how hackers work. Now it’s time to empower ourselves against them.

Step 1: Change Default Login Credentials ASAP

The first thing you should do after you unbox your new security camera is to find its IP address, log in, and change the default username and password. Taking this simple precaution will reduce your odds of getting hacked via the back end significantly.

Step 2: Use a Strong Password

Most IP security cameras today also require an app. These apps require usernames and passwords. Pick an original password and don’t recycle. If you do this — and you’ve invested in a quality security camera brand that’s serious about encryption and security patches — you’ve cut your chances of falling victim to a wannabe hacker to almost nil.

Step 3: Set Up Two-Factor Authentication

Two-Factor Authentication (2FA) is the equivalent of a bulletproof vest against account hacks. Once you enable 2FA, anyone that wants to log in to your account will need a one-time password (OTP). If you set up delivery by text message, criminals can’t get in without your phone.

Pro Tip: How many logins do you have? 200? 300? 400? It’s impossible to memorize so many usernames and strong passwords (and dangerous to write them down). Instead, consider using a password manager. There are excellent free and subscription options available.

Step 4: Set Up Push Login Notifications

If 2FA is a bulletproof vest, push login notifications are the sounds of the bullets bouncing off your perv-proof camera. Once alerts are enabled, you should get a message whenever someone logs in, or tries to log in, to your account. That way, even if worse comes to worst and a criminal hijacks your cameras, you can take them offline until you’ve got the situation under control.

Step 5: Update Your Software and Firmware Regularly

No security company can say with absolute certainty that their products are hack-proof. But the best of the best are on the lookout 24/7 for potential vulnerabilities, and send patches out quickly over the air (OTA) when they detect one. With OTA updates, your cameras update automatically as soon as the patch goes live. The same goes for the software embedded in your hardware, aka your firmware. Which brings us to our final tip.

Step 6: Use Quality Home Security Cameras

Every digital hygiene measure we’ve discussed hinges on one important assumption: that you’ve invested in reliable, vetted, quality home security equipment. Knockoff cameras may be cheap, but their software is likely full of backdoors and not regularly patched, leaving you and your family vulnerable to dime-a-dozen hackers.

Did You Know? According to a 2019 Google study, 59 percent of people use their birthdays for passwords and more than half use the same password for multiple accounts.3

How Do I Know if My Security Camera Has Been Hacked?

You may have heard that it’s virtually impossible to detect a compromised home security camera. That’s not really true. Here are a few telltale signs that you’ve got company:

  1. Your camera is following you around the room. This sounds like a horror movie scenario, but it does happen, and it probably means a creep is controlling your camera from his mother’s basement.
  2. You open up your router settings and find a device connected to your network that you don’t recognize. That’s either a generic gadget you forgot about, or a bona fide lurker.
  3. You notice there’s a drain on your internet speeds that you can’t attribute to throttling or to rush hour traffic. The more devices on your network, the less bandwidth to go around. But honestly, it’s pretty unlikely that you’ll uncover a hacker this way — unless they’ve invited their crew to join in the fun, which happened a few years ago in the infamous Ring camera hacks.4
  4. Your camera is sluggish. A laggy camera could mean that someone’s siphoning off its processing power to do something else, like mine cryptocurrency. This is a lot better than finding out a sociopath is surveilling your bedroom, but it’s still an uninvited parasite you need to remove from your camera pronto.
  5. Your camera is making weird noises (or really any noise at all). Your camera should be silent unless you’re using two-way audio. If you hear background noise, static, or any kind of clicking or beeping, it may be because a pervert has glommed onto your audio feed.
  6. Your camera is blinking. LED functionality varies from provider to provider. For SimpliSafe cameras, for example, a blinking blue LED means someone’s recording or watching a live feed. For the Google Nest cam, you’ll see a pulsing green light when someone’s watching. Bottom line? If you see an LED light doing anything when no one in your family is watching that feed, you could have a visitor.

FYI: Despite the fact that they do happen, home security camera hacks aren’t very common. Most cybercriminals with the skills to take over a security camera prefer more lucrative crimes like ransomware attacks or any number of new, worrisome AI scams that have hit the streets in the past year.

The Best Security Cameras to Thwart Hackers

Some of us are looking for the number one professionally installed security system, while others are looking for a couple of sturdy wireless cameras that don’t cost much, or a smart camera that’ll fit in with their current smart home security setup. But the one thing all of us are looking for is a camera that helps us keep peeping creeps out of our homes. These three brands earn our top marks against hackers:

Brand 2FA Login Alerts Over the Air Updates Known breaches or hacks
SimpliSafe Yes No, only OTPs Yes No
Vivint Yes Yes Yes No
Google Nest Cam Yes Yes Yes Yes

A few quick notes:

  • With SimpliSafe, you won’t actually receive an email notifying you that there’s been a login attempt. Instead, you’ll receive a one-time password, which means that someone has tried to log in to your account. It’s not ideal, and potentially confusing, but the OTP can serve as an alert.
  • Department of Energy cybersecurity researcher Logan Lamb allegedly managed to suppress a live Vivint alarm system in 2014, but there aren’t any known breaches by cybercriminals.5
  • In 2020, Google forced Nest Cam users to enable 2FA after hackers broke into a number of their cameras. Despite this, we believe Nest Cams are still among the safest security cameras on the market.6

Pro Tip: If you suspect your home security camera has been hacked, take all the cameras in the house offline immediately. You should also shut down your Wi-Fi. If you have a monitored home security system, contact your provider for the next steps. If you handle the monitoring yourself, reach out to the camera manufacturer. Once you’re out of immediate danger, contact the police.

Bottom Line

Thankfully, residential security camera hacks are relatively rare. However, we can all reduce the threat of a breach to almost nothing if we take a few pretty simple precautions.

One, don’t buy low-quality cameras. Invest in real security companies with real security infrastructure. Two, get a password manager so you can use strong, unique passwords for all your accounts. Three, listen to Google and enable two-factor authentication on all your apps. If you’ve taken all three safety steps, it would take a creep with exceptional hacking skills and dedication to worm their way past your defenses and into your home.

Frequently Asked Questions