John Z Black
Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
The camera in your building’s lobby probably isn’t a military target. It might be a military asset.
This isn’t theoretical anymore. Russia hacked cameras around Kyiv to observe infrastructure and air defense positions. Iranian state actors made hundreds of attempts against cameras in Israel, with the timing correlating directly to missile and drone strikes. Ukraine has done the same. So has Israel. It’s documented doctrine now, and the cameras getting hit aren’t specialized equipment. They’re the parking lot cameras. The warehouse security systems that haven’t been touched since installation.
Check Point researchers noted something particularly useful: camera-targeting activity from attributed Iranian infrastructure appears to precede follow-on kinetic events. Meaning aggressive camera scanning isn’t just intelligence collection. It might be a detectable early signal before a strike.
The entry vectors never change. Default credentials left in place. Firmware that hasn’t been updated in years. These aren’t sophisticated intrusions requiring zero-days. They’re credential stuffing and known exploits against hardware nobody put on a patch schedule because it’s “just a camera.”
Cisco Talos dropped a major disclosure this week: TP-Link Archer AX53 with 10 vulnerabilities including buffer overflow RCE, Hikvision access points carrying three CVEs including command injection and buffer overflows, and more. All patched now. But the next round is coming.
The fix is boring. Change the default credentials. Patch the firmware. Put cameras on their own VLAN. Then spend five minutes thinking about what yours can actually see.
Nation-states figured out that cheap physical reconnaissance is a credential list and an exposed camera interface. The cameras being used against conflict zones are there because nobody did those three things.
Don’t be the easy window.