Christmas, which many people look forward to, is the peak season for hackers to spread malware, leak information, and conduct phishing scams. With all the end-of-year celebrations and public holidays, there is a lack of security staff monitoring the increase in online shopping and congratulatory messages being sent. Hackers will take advantage of the loosening cyber defenses and carry out cyber crimes. In particular, IoT and smart home products, which are becoming increasingly popular Christmas gifts, are good targets for hackers to exploit. Therefore, it is important to be careful of IoT and IP camera hackings that may occur. If you happen to come across an incredibly cheap Christmas special-priced IoT device, be careful, as devices sold at affordable prices often suggest that they have security flaws.

For example. an IP camera called Wireless IP Camera (P2P) WIFICAM has an authentication bypass vulnerability (CVE-2017-8225), so there have been many cases where the product was found to be infected with botnets. 

Smart products with security flaws allow hackers to easily hack into users’ accounts and access all their information. In all the IP cameras, AI speakers, and cordless vacuum cleaners sold on Amazon, eBay, and AliExpress, there is a good chance that it has already been hacked and is being used with malicious intent.

IP Cameras With Sub-Par Authentication Settings Are the Primary Targets 

Hackers who hack robot vacuum cleaners and IP cameras monitor the homes of their victims or illegally distribute videos of them. Devices that do not have login authentication enabled or use a default password without changing them are usually the prime target of attacks. 

Searching for exposed IP cameras on the internet using Tag: IP Camera on Criminal IP Asset Search gives a total of 428,473 results. 

[Criminal IP Search 101 – How to Find Exposed IP cameras]

Search Query : Tag: IP Camera

Search For "tag: IP Camera" on Criminal IP Gives a Total Result of 428.473 Exposed IP Camera Servers
Search For “tag: IP Camera” on Criminal IP Gives a Total Result of 428,473 Exposed IP Camera Servers

In some cases, hacked IP camera screens can be viewed without any login authentication.   

Hacked IP Camera Screen Exposed to the Internet Without Any Login Authentication
Hacked IP Camera Screen Exposed to the Internet Without Any Login Authentication

IoT Quitely Becoming Infected Like a Zombie

If a vulnerability is found in an IoT device, attackers can use the vulnerability to infect and inject malicious code. This makes a zombie device for DDoS attacks.

Inputting IoT keywords into the tag filter helps you to identify exposed IoT products and vulnerabilities.

Search Query : Tag: IoT

Search For "tag: IoT" on Criminal IP Gives a Total Result of 46,737 Exposed IoT Servers
Search For “tag: IoT” on Criminal IP Gives a Total Result of 46,737 Exposed IoT Servers

Among them, one IoT device was discovered to have as many as 39 vulnerabilities. This is something hackers can exploit for another cyber attack or sell information about the device on the dark web. 

Exposed IoT Server Intelligence Analysis Result, Found to have a Total of 39 Vulnerabilities
Exposed IoT Server Intelligence Analysis Results, Found to have a Total of 39 Vulnerabilities

IoT Product, IP Camera Hacking Prevention Checklist

To ensure an exciting Christmas, not a security nightmare, the following security protocols should be implemented:

  • Use products that are known to be secure 
  • Set up login authentication on devices and use complex passwords. Remember to change passwords from time to time.
  • Ensure all product software is updated to the latest version 

Most importantly, it is imperative to regularly use Criminal IP to ensure that your IoT is not exposed to the internet or has any vulnerabilities.

Please refer to our ‘Criminal IP Analysis Report on Overlooked Multi-Function Printer Vulnerability’ article for more information on IoT device vulnerability.

Source : Criminal IP (

Related Article(s) :