The short answer
Yes, internet-connected CCTV can be hacked, most often because of weak or default passwords, out-of-date firmware, or an insecure home network rather than sophisticated attacks. The good news is that the main risks are largely preventable. You should change any default password to a strong, unique one, enable two-factor authentication where available, keep firmware and apps updated, secure your wifi router, and choose reputable equipment. Local-only (offline) recording removes much of the remote risk entirely. Get Safe Online and the NCSC publish practical advice on securing connected devices. This is general guidance — follow those sources for current best practice.
Stories of hacked cameras are unsettling, but most incidents trace back to a handful of avoidable weaknesses. Understanding them makes securing your system straightforward.
Securing your cameras
- Main weaknessdefault / weak passwords
- Key fixstrong, unique password + 2FA
- Keep updatedfirmware and apps
- Networksecure your wifi router
- Lowest remote risklocal-only recording
How CCTV actually gets compromised
When home cameras are compromised, it is rarely through clever, targeted hacking. The far more common causes are mundane: default or weak passwords that were never changed, old firmware with known vulnerabilities, reused credentials exposed in a data breach elsewhere, or an insecure home network. Automated tools scan the internet for connected cameras using factory-default logins, which is why a camera left on its out-of-the-box password is the most exposed of all.
Cloud accounts add another route. If the account that controls your cameras shares a password with other services and that password leaks, an attacker may reach your cameras without touching the device itself. None of this means connected cameras are inherently unsafe — it means the security depends heavily on a few good habits. Treating a camera like any other internet-connected account, with a strong unique password and updates, removes most of the realistic risk.
The essential steps to secure CCTV
A short checklist covers most of the danger. First, change the default password immediately to a strong, unique one, and never reuse a password from another account. Second, enable two-factor authentication (2FA) on the camera's app or account if it is offered, so a stolen password alone is not enough to get in. Third, keep the firmware and app updated, since updates frequently patch security flaws — turn on automatic updates where available.
Fourth, secure the foundation: your home wifi router. Change its default admin password, use strong WPA2 or WPA3 encryption, and keep its firmware current, because a compromised router exposes everything on the network. Fifth, choose reputable equipment from manufacturers that issue regular security updates, and be cautious of very cheap, unbranded cameras that may never be patched. These steps are simple, free or low-cost, and between them they close the doors that opportunist attackers rely on.
Reducing exposure further
Beyond the essentials, you can reduce the attack surface. Disabling features you do not use — such as remote access or older insecure protocols some cameras ship with — limits the ways in. Some households put cameras on a separate guest network so that, even if a camera were compromised, it could not easily reach computers and phones on the main network. Reviewing which apps and people have access to your camera account periodically, and removing any you no longer need, is also worthwhile.
The most thorough way to cut remote risk is to avoid the internet for the cameras entirely. A local-only, wired system recording to an on-site DVR or NVR has no cloud account to breach and no remote login to attack, so the main hacking routes simply do not apply. The trade-off is losing remote viewing and alerts. Many people accept a middle path — connected for convenience but properly secured — while those most concerned about privacy choose offline recording for the strongest protection.
| Action | Risk it addresses | Effort |
|---|---|---|
| Strong, unique password | default / reused credentials | low |
| Two-factor authentication | stolen passwords | low |
| Firmware / app updates | known vulnerabilities | low (automate) |
| Secure / separate network | router and lateral access | moderate |
| Local-only recording | remote hacking routes | higher (loses remote access) |
Indicative steps to secure home CCTV, from quick wins to stronger measures.
Why securing CCTV also protects others
Securing your cameras is not only about your own privacy. A compromised camera can expose footage of your household and anyone your cameras capture, and where your system is covered by UK GDPR because it films beyond your boundary, keeping footage secure is one of your duties under data protection law. A poorly-secured camera that leaks images of neighbours or passers-by is both a privacy failure and a potential breach of those responsibilities.
So the same good practices serve two ends at once: they keep intruders out of your system, and they help you meet the expectation to store footage securely. Get Safe Online and the National Cyber Security Centre (NCSC) both publish accessible, up-to-date guidance on securing smart devices and cameras, and they are good references to check periodically as advice evolves. The bottom line is that home CCTV can be hacked, but with strong passwords, 2FA, updates and a secured network, the realistic risk for a careful user is low.
It also helps to think about who has access over time. Camera accounts are often shared with family members or, during setup, with an installer, and those permissions can linger long after they are needed. Reviewing the list of people and devices that can reach your cameras, and removing any that no longer belong, closes a route that is easy to forget. The same applies if you replace a router or change broadband provider: make sure the old equipment is wiped or returned, and that any cameras are reconnected to a properly secured new network rather than left on default settings.
If you ever sell, return or dispose of a camera, treat it like any device that has held personal data. Perform a factory reset to remove your account details and any stored footage, and unlink it from your app, so that the next owner cannot access your information and you are not left with an orphaned device still tied to your account. These are small, occasional tasks, but together with strong passwords, two-factor authentication and regular updates they form a complete, low-effort routine that keeps a home CCTV system both secure against hacking and compliant with your duty to protect the footage it captures.
Frequently asked questions
How do I know if my CCTV camera has been hacked?
Warning signs can include the camera moving or making sounds on its own, unfamiliar logins or devices listed in the app, settings changing unexpectedly, or unusual data usage. If you suspect a compromise, change the password immediately, enable two-factor authentication, update the firmware, and review who has access. Get Safe Online and the NCSC offer guidance on responding to compromised devices.
Are wifi cameras less secure than wired ones?
Wifi and cloud-connected cameras have more potential remote attack routes than a local-only wired system, mainly through accounts and the network. That does not make them unsafe — with a strong unique password, two-factor authentication, updates and a secured router, a wifi camera is well protected. A fully offline wired system removes remote risk entirely but loses remote viewing.
Is it safe to use a cheap unbranded CCTV camera?
Be cautious. Very cheap, unbranded cameras may ship with weak default security and, crucially, may never receive firmware updates to patch vulnerabilities. Choosing reputable manufacturers that issue regular security updates is one of the more important decisions for keeping a connected camera secure over time.
Sources & further reading
Figures on this page are typical UK ranges drawn from published sources and depend on your specific property and system. They are guidance, not a quotation.