Users were asked to install software updates from manufacturers and retire end-of-life devices that no longer receive security fixes.
| Photo Credit:
DEEPAK KR
CCTVs, or closed-circuit televisions, are meant to be the eyes on our properties. But they turn out to be doing exactly the opposite – giving out our information to the enemy. The hacker is watching the same footage that you have been watching.
Most hackers don’t need to sweat it out to barge into the CCTV networks. They simply use factory-set default passwords such as ‘welcome’, ‘admin123’ or ‘123456’ – as most companies and residential complexes want to make it ‘simple’.
Major vulnerability
The recent revelation that Pakistan could sneak into our CCTV networks at strategic locations via the Chinese products has sent shockwaves across the country. It is not confined to India. Cybersecurity firm Check Point’s research found that IP cameras (those that are connected to the Internet) were targetted across Israel, Qatar, Bahrain, Kuwait, the UAE, Cyprus and Lebanon.
Hackers breaking into CCTVs networks has become a major cybersecurity vulnerability.
Here are some chilling facts – In November 2025, authorities dismantled a massive cybercrime ring that had compromised 80 CCTV dashboards across 20 Indian States. Over nine months, hackers stole at least 50,000 video clips from hospitals, schools, offices, and homes in cities like Pune, Mumbai, Surat and Delhi. They sold the footage online for ₹700 to ₹4,000 per clip, feeding an international voyeuristic network.
“For thousands of Indian families and businesses, this nightmare became real. And now, a far more chilling reality has emerged: foreign intelligence agencies may have been watching too,” Kiran Vangaveti, Founder and Chief Executive Officer of cybersecurity company BluSapphire, told businessline.
‘A wake-up call’
He felt that this episode (Pakistan accessing our CCTVs) was a rude wake-up call. “It forced the government to act swiftly. From April 1, 2026, any internet-connected CCTV device sold in India must pass stringent security certification standards. Major foreign manufacturers have been effectively barred unless they meet these requirements. Indian brands like CP Plus, Qubo, and Matrix now control over 80 per cent of the market,” he said.
“Yet millions of existing cameras – in homes, offices, hospitals, and military installations – remain vulnerable,” he pointed out.
Check Point Research said in a blog that the attack on CCTVs peaked during the peak days of the attacks in the ongoing war in West Asia.
In a blog post on CCTV espionage, it asked organisations to remove direct WAN (Wide Area Network) access to cameras and place them behind a VPN (virtual private network) or a zero-trust access (no one except the designated person) gateway. It wanted them to change default passwords and enforce unique credentials.
Kiran Vangaveti asked users to install software updates from manufacturers and retire end-of-life devices that no longer receive security fixes.
“You need to isolate cameras on a dedicated VLAN (virtual local area network) with no lateral access to corporate networks. You should also tightly control outbound traffic,” he said.
Experts also flag the dangers involved in cloud-based video feeds. “If the provider’s servers are hacked, your footage is exposed regardless of your password strength. Use local storage, such as a Network Video Recorde, instead, where you maintain complete control,” he pointed out.
Published on April 14, 2026
