A baby cam acts as our distant eyes when we aren’t home and need to monitor the safety of our place. But while we track movements inside our rooms, someone else may be monitoring the place through the same baby cam.
The very cameras meant to protect homes are themselves vulnerable to intruders.
And Gujarat has emerged eighth in India with over 750 compromised cameras.
Of the reportedly 777 vulnerable IP cameras visible on the open Internet in Gujarat, the highest exposure is reported in Ahmedabad with 399 compromised devices. Second on the list is Surat (166), followed by Vadodara (87), Rajkot (33), Bhavnagar (24), and Gandhinagar (20).
Nationally, there are more than 21,000 exposed IP cameras, spanning homes, baby monitors, and small-business setups.
Delhi leads with 3,578 vulnerable devices, followed by Maharashtra (3,027), Karnataka (1,304), Telangana (1,146), Uttar Pradesh (1,139), Tamil Nadu (1,023), and Haryana (577), according to a report.
The issue came to light following an episode in South Bopal, where a baby cam installed to monitor a 1.5-year-old child and a babysitter turned out to be viewable from outside the home.
Security researcher Paul Marrapese reportedly flagged 21,444 vulnerable Indian cameras this year.
Most cheap cameras rely on a “convenience” technology called Peer-to-Peer (P2P) over the internet.
It has emerged that many internet‑connected baby cams — especially cheaper models — are highly vulnerable to hacking, highlighting that the problem is a serious privacy risk.
Instead of requiring any router configuration, these cameras connect themselves to secret company-run servers in faraway countries using a method called UDP hole punching. These servers act like traffic cops, connecting anyone who knows the camera’s UID, a unique ID printed inside every device.
Any camera with a UID format that looks like FFFF-123456-ABCDE is affected. Three major flaws have been uncovered: UIDs of cameras can be guessed, the algorithm behind iLnkP2P devices has been cracked allowing anyone to generate valid UIDs and access cameras, and attackers can impersonate the camera to grab the user’s password in plain text. Some vendors also secretly use customer cameras as relays.
Beyond live feed access, hackers have stolen tens of thousands of private video clips from hospitals, schools, corporate offices, factories, cinema halls and private homes, and sold them online through Telegram groups and other channels.
Many compromised systems used weak default passwords like “admin123,” enabling hackers to deploy automated brute-force bots and scanning tools to identify and breach devices at scale.
At least 80 CCTV dashboards across India were compromised in this manner, with over 50,000 video clips reportedly stolen over nine months. The content was monetised, with certain clips sold for between Rs 700 and Rs 4,000 through subscription-based Telegram groups.
Investigations revealed a nationwide cybercrime racket behind the breaches. The accused, already arrested, allegedly collaborated with overseas hackers, used VPNs to hide their tracks, and routed stolen CCTV footage internationally.
The larger threat, according to cybersecurity experts, is neglect. Many CCTV cameras have firmware vulnerabilities, updates exist but are rarely applied, and quarterly maintenance is recommended to stay safe.
Most vulnerable devices use the Lookcam (49%) or CamHi (44.5%) apps. Lookcam devices are often tiny nanny cams, while CamHi covers regular CCTV units.
Also Read: Inside India’s Largest CCTV Breach: Maternity Hospital Videos Sold On Telegram https://www.vibesofindia.com/inside-indias-largest-cctv-breach-maternity-hospital-videos-sold-on-telegram/
