Last updated: June 2026
The MAC (Media Access Control) address of an IP camera is a unique hardware identifier that can be spoofed by attackers to impersonate a legitimate camera on the network. A MAC spoofing attack allows an intruder to replace a camera’s video feed with a pre-recorded loop, hide their presence from the NVR, or gain access to the camera VLAN. UK users who rely on MAC address filtering as a security measure are vulnerable to this well-known attack vector.

How MAC Spoofing Works Against CCTV Systems
An attacker with access to the local network (through a compromised WiFi network, a physical Ethernet port, or a previously compromised device) can use freely available tools to change their device’s MAC address to match a legitimate camera’s MAC address. The network switch sees the cloned MAC address and forwards the camera’s traffic to the attacker’s device instead of, or in addition to, the legitimate camera. The attacker can then: suppress the real camera’s traffic by sending deauthentication frames, substitute their own video stream (a pre-recorded loop showing an empty scene) for the real camera feed, and access the camera’s configuration by intercepting the NVR’s authentication to the camera.

Why MAC Address Filtering Is Not a Security Measure
MAC addresses are transmitted in plaintext in every Ethernet frame. Any device on the same network segment can see all MAC addresses in use. Changing a MAC address requires no authentication and no special privileges on standard network hardware. MAC address filtering provides a false sense of security because it can be trivially bypassed by any attacker who can observe the network. The IETFs RFC 2827 and subsequent security guidance explicitly warn that MAC addresses are not security credentials. Despite this, many CCTV installers still configure MAC address filtering on camera VLANs as the sole access control mechanism.
Proper Camera Authentication Methods
The only reliable way to prevent camera impersonation is 802.1X authentication on the network switch ports. 802.1X requires each device to present a certificate or credentials to the switch before it can access the network. A camera with a spoofed MAC address cannot authenticate unless the attacker also possesses the camera’s digital certificate. For existing systems without 802.1X support, the practical alternatives are: disable unused switch ports and configure port security that limits each port to one MAC address (prevents an attacker from connecting additional devices but does not prevent MAC spoofing through the same port), use encrypted video streams (RTSP with TLS or SRTP) that make it harder for an attacker to inject fake video, and monitor the network for duplicate MAC addresses using SNMP or a network monitoring tool.

Detecting a MAC Spoofing Attack
Signs of a MAC spoofing attack include: a camera that repeatedly disconnects and reconnects (the attacker’s device is fighting the legitimate camera for the MAC address), the NVR reporting “device conflict” or “duplicate IP” errors, a camera feed that shows a static or looped image while the NVR records the video stream (indicating the stream is originating from a device other than the camera), and the switch’s MAC address table showing the same MAC address on multiple ports. A network monitoring tool that alerts on MAC address changes or duplicate MAC appearances is the most reliable detection method.
Video: Smart Farming - Save $$ and Work Less

Frequently Asked Questions
1. Can someone spoof my CCTV camera’s MAC address?
Answer: Yes. MAC addresses are transmitted in plaintext and can be trivially changed using free software tools. MAC spoofing requires no authentication and no special network privileges. For more detail, see Dental and Medical Practices CCTV - UK legal requirements and GDPR compliance 2026. Also read our related guide: SNMP for CCTV Camera Monitoring: Uptime and Bandwidth. Browse our in-depth home security resource at Home Security Guide. Official UK guidance on this topic: ICO.
2. Is MAC address filtering secure for CCTV?
Answer: No. MAC address filtering provides a false sense of security. Any attacker on the same network can see all MAC addresses and clone one. It is not a security measure. For more detail, see How to maintain Offices and Commercial Buildings CCTV systems - UK guide 2026. Also read our related guide: VLAN for Camera Isolation: Network Security Best Practice.
3. How do I prevent camera MAC spoofing?
Answer: Use 802.1X authentication on switch ports (requires digital certificates). Enable switch port security to limit one MAC per port. Use encrypted video streams (RTSP with TLS). Monitor for duplicate MAC addresses on the network. For more detail, see How much does Schools and Education Settings CCTV cost in 2026? UK prices explained. Also read our related guide: Multicast vs Unicast for Multi-Viewer CCTV Setups.
4. Can MAC spoofing be detected?
Answer: Yes. A network monitoring tool can alert on duplicate MAC addresses appearing on different switch ports. The NVR may report ‘device conflict’ errors. A camera that repeatedly disconnects may indicate a MAC spoofing attack. For more detail, see Does Self Storage Facilities CCTV reduce insurance premiums in 2026? UK guide. Also read our related guide: PoE Power Budget Calculation: Real vs Rated.
5. What should I use instead of MAC filtering for camera security?
Answer: Use a separate VLAN for cameras (camera traffic isolated from main network), 802.1X port authentication, encrypted video streams, and strong admin passwords on all cameras. These provide genuine security, unlike MAC filtering. Also read our related guide: UPS Sizing for CCTV: How Long Do You Need?.

Conclusion
The difference between a security system that works and one that frustrates is understanding the real-world behaviour of cameras, cables, and the environment they operate in. Manufacturers sell specifications. Installers solve problems. The questions above represent the issues that UK homeowners and businesses actually face — the ones the spec sheets do not mention.
Article by Gary Pearce, qualified security systems engineer. For a free security assessment, visit gary-pearce-home-services.pages.dev. This guide was last updated June 2026. Verify current UK regulations with the ICO.
