Your Surveillance Cameras Might Not Be Working For You

Every time I operated overseas, I saw cameras differently than most people do.

I didn’t see security infrastructure.  I saw potential collection assets pointed at me.  I had no way to prove who was watching on the other end.  I didn’t need to.  The assumption that those cameras could be compromised changed how I moved, where I went, and what I did in their field of view.

Most organizations never make that assumption about their own cameras.  That’s the problem.

On February 28, 2026, a joint U.S. – Israeli airstrike killed Iranian Supreme Leader Ayatollah Ali Khamenei.  The intelligence operation behind it was years in the making.  According to reporting from the Associated Press via PBS NewsHour, a significant piece of that operation involved hacking Tehran’s own traffic and surveillance camera network.  Israel didn’t bring exotic spy equipment.  They used Iran’s cameras.  The same cameras Iran installed to monitor dissidents and track protestors became the tool that mapped Khamenei’s security detail, identified where his bodyguards parked, catalogued their daily routines, and ultimately pinpointed his location on the morning of the strike.

Iran knew their cameras had been compromised.  A senior Iranian politician warned publicly about it.  It didn’t matter. The cameras kept running.  The vulnerability stayed open.

This isn’t just a story about nation-state intelligence operations.  It’s a story about a fundamental assumption most organizations make about their own security infrastructure.

You installed the cameras.  You assume they’re working for you.

That assumption deserves scrutiny.

According to the same AP investigation, a scan of unprotected camera feeds earlier this year found nearly three million exposed cameras worldwide.  Many run on default passwords that were never changed.  Many haven’t received a firmware update since installation.  Some are connected directly to the internet with no meaningful access controls.  Security researcher Paul Marrapese, who has studied this problem for years, put it plainly: “they’re fish in a barrel.”

This isn’t a theoretical risk reserved for government facilities or high-profile targets.  It applies to corporate offices, manufacturing plants, executive residences, and anywhere else organizations have installed cameras and stopped thinking about them.

The attack cycle matters here.  We’ve written before about how adversaries use publicly available information and pre-incident indicators to build targeting packages long before anything visible happens.  A compromised camera doesn’t just give an adversary a live feed.  It gives them pattern of life data.  It tells them when your executives arrive and leave.  It shows them which entrances get used and which ones don’t.  It maps the gaps in your physical security without anyone setting foot on your property.

Hamas used hacked Israeli cameras before the October 7, 2023, attack to monitor military patrol patterns.  Russia hacked cameras near missile targets in Ukraine.  These aren’t isolated incidents.  They represent a documented tactic that has moved from theoretical to operational.

The corporate implication isn’t that your organization is a geopolitical target.  It’s that the same vulnerabilities exist in your infrastructure, and the same methodology scales down to corporate espionage, executive targeting, and competitive intelligence collection.

Three questions every organization should be asking right now.

When were your cameras last audited for unauthorized access?  Not checked for picture quality.  Audited for who actually has access to the feed.

Are your cameras on a segmented network, or do they share infrastructure with your operational systems?  A compromised camera on a shared network isn’t just a surveillance problem.  It’s a network access problem.  The Cybersecurity & Infrastructure Security Agency (CISA) has issued repeated guidance on the importance of isolating security systems from business networks precisely because of this risk.

Who installed your cameras, and what is their supply chain?  Intelligence services have demonstrated the capability to compromise hardware before it ever reaches the end user.  The 2024 pager operation against Hezbollah showed what supply chain interdiction looks like when it’s weaponized.  Camera hardware is not immune to that methodology.

We’ve also covered why surveillance camera effectiveness ultimately depends on human factors and proper management, not just the technology itself.  The Tehran operation underscores that point in the starkest possible terms.

At Convoy Group, physical security assessments include a review of surveillance infrastructure because we understand that your cameras are either an asset or a liability.  There is no neutral ground.  An unaudited, improperly configured camera system doesn’t protect your organization.  It documents it for whoever is watching.

The lesson from Tehran isn’t about Iran.  It’s about the assumption that your security infrastructure is working the way you think it is.

I learned overseas not to make that assumption about anyone else’s cameras.  Your organization shouldn’t make it about its own.

If you want to understand what a physical security assessment actually looks like, reach out to the team at Convoy Group.  We’ll tell you what we find.