Last updated: June 2026
An IP security camera connected to the internet without proper security configuration is accessible to anyone who scans for vulnerable devices. The Mirai botnet attacks of 2016 demonstrated that unsecured cameras can be compromised within minutes of connecting to the internet. Despite increased awareness, UK households and businesses still leave cameras exposed through default passwords, unpatched firmware, and unnecessary port forwarding.

How Cameras Are Discovered and Compromised
Attackers use automated tools that scan IP address ranges for open ports commonly used by cameras: 80 (HTTP), 443 (HTTPS), 554 (RTSP), 8000 (Dahua), and 8080 (Hikvision). A Shodan search in 2025 still shows over 500,000 IP cameras accessible from the internet worldwide. Once a camera is found, the attacker tries default credentials: admin/admin, admin/12345, or the manufacturer’s default password from the manual. Most consumer cameras ship with no password or a device-specific default that is documented online. Compromised cameras are added to botnets for DDoS attacks, used as entry points into the home network, or their video feeds are posted on live-streaming sites.

The Five Security Changes Every Camera Needs
First: change the default administrator password to a unique, 16+ character passphrase immediately on installation. Second: disable the default RTSP stream if not needed, or set a unique RTSP authentication credential. Third: update the camera firmware to the latest version before connecting it to the network. Fourth: if the camera must be accessible remotely, use a VPN rather than port forwarding. Port forwarding exposes the camera directly to the internet. A VPN creates a secure tunnel that only authorised users can access. Fifth: enable HTTPS on the camera’s web interface to encrypt login credentials transmitted over the network.
Network Segmentation: The VLAN Solution
Place all IP cameras on a separate VLAN (Virtual Local Area Network) that is isolated from the main home or business network. The camera VLAN can access the NVR and the internet (for firmware updates and remote access through a VPN), but cannot access the main network. If a camera is compromised, the attacker cannot reach computers, phones, or other devices on the main network. Most managed switches support VLAN configuration. For unmanaged switches, use a separate physical switch for cameras only, connected to the router through a firewall rule that blocks camera-to-internet traffic except through the VPN.

Monitoring for Compromise
Check the camera’s access log periodically for unrecognised IP addresses. Monitor the camera’s bandwidth usage — a sudden increase in upstream traffic may indicate the camera is streaming to an unauthorised viewer. Review the NVR’s device list for unrecognised cameras. Subscribe to the manufacturer’s security advisory mailing list to receive firmware update notifications. For business systems, consider a network monitoring tool that alerts when a new device appears on the camera VLAN or when a camera connects to an unrecognised IP address.
Video: H.265 (HEVC) vs H.264 (AVC) Compression: Explained!

Frequently Asked Questions
1. Can hackers access my security cameras?
Answer: Yes, if the cameras have default passwords, unpatched firmware, or are exposed to the internet through port forwarding. Over 500,000 IP cameras remain accessible from the internet worldwide. For more detail, see How to install CCTV for Gyms and Fitness Centres - UK step by step guide 2026. Also read our related guide: Encryption Overhead on Older NVRs: SSL Performance. Browse our comprehensive CCTV knowledge base at CCTV Systems Guide. Official UK guidance on this topic: SSAIB.
2. How do I secure my CCTV cameras from hacking?
Answer: Change default passwords immediately, update firmware, disable unnecessary RTSP streams, never use port forwarding (use a VPN instead), and isolate cameras on a separate VLAN from the main network. For more detail, see How much does Gyms and Fitness Centres CCTV cost in 2026? UK prices explained. Also read our related guide: RTSP vs RTMP Streaming for CCTV: Latency and Compatibility.
3. What is the most common camera security mistake?
Answer: Leaving the default admin password unchanged. The second is enabling port forwarding so the camera is directly accessible from the internet. Both take minutes to exploit. For more detail, see How to maintain False Alarm Reduction CCTV systems - UK guide 2026. Also read our related guide: Frame Rate vs AI Detection: The FPS Sweet Spot.
4. Do I need a VLAN for my home security cameras?
Answer: Strongly recommended if cameras have internet access. A VLAN prevents a compromised camera from accessing your main network devices. A simple managed switch supporting VLANs costs £50–£100. For more detail, see How to maintain Self Storage Facilities CCTV systems - UK guide 2026. Also read our related guide: Dual-Lens Cameras: Wide + Telephoto Benefits.
5. How do I check if my cameras are accessible from the internet?
Answer: Use a free port scanning website or tool to scan your home IP address for open ports 80, 443, 554, 8000, and 8080. If any are open, you have port forwarding enabled and should switch to a VPN immediately. Also read our related guide: ePoE vs Standard PoE: Extended Reach for CCTV.

Conclusion
The difference between a security system that works and one that frustrates is understanding the real-world behaviour of cameras, cables, and the environment they operate in. Manufacturers sell specifications. Installers solve problems. The questions above represent the issues that UK homeowners and businesses actually face — the ones the spec sheets do not mention.
Article by Gary Pearce, qualified security systems engineer. For a free security assessment, visit gary-pearce-home-services.pages.dev. This guide was last updated June 2026. Verify current UK regulations with the ICO.
