As dashcams become increasingly prevalent-and even mandated-in vehicles worldwide, security researchers are warning of a growing vulnerability too cyberattacks. Findings presented at the Security Analyst Summit 2025 in Thailand demonstrate how easily these devices can be compromised through their Wi-Fi connections, possibly exposing sensitive data like driving routes, personal locations, and private conversations. The research highlights a systemic security issue affecting a wide range of dashcam brands, emphasizing the need for drivers to take proactive steps to protect their privacy and security.
Dashcams are increasingly common in vehicles, and even mandatory in some countries, offering a valuable record of events in case of accidents. However, security researchers are warning that these devices are becoming a target for malicious actors. The findings, presented at the Security Analyst Summit 2025 in Thailand, reveal how attackers are exploiting vulnerabilities in these cameras.
While many dashcams don’t include a cellular connection, the vast majority offer Wi-Fi connectivity, allowing users to download footage or adjust settings. This Wi-Fi access point, researchers found, can serve as an entry point for attackers, particularly when default credentials remain unchanged.
Dashcam Security Flaws Exposed
According to the research, a nearby attacker who successfully exploits a dashcam can bypass authentication measures, steal recorded video and audio, and even access GPS data. This means sensitive conversations within the vehicle could be intercepted. The implications extend beyond privacy concerns, as dashcams are often overlooked as potential security risks.
Access to GPS data allows attackers to map a driver’s routes, identify frequently visited locations, and potentially uncover personal information like a driver’s home or work address. This highlights how a seemingly innocuous device can be weaponized for surveillance.
The investigation analyzed 15 different dashcam brands, spanning a range of models and price points, indicating the issue is widespread. Researchers consistently found that Wi-Fi connections were protected by default network names (SSIDs) and passwords easily discoverable through a simple online search.
The report identifies three primary attack vectors:
- Direct File Access: Attackers can exploit insecure network configurations to access and download video and audio recordings without authentication.
- MAC Address Spoofing: By cloning the MAC address of an authorized device, such as the owner’s smartphone, attackers can trick the camera into granting network access.
- Replay Attacks: Cybercriminals capture legitimate authentication data packets and resend them to gain unauthorized access to the system.
Attackers could even automate these attacks using malware, targeting numerous dashcams in a busy urban environment. This research underscores the growing need for better security practices in the connected car ecosystem.
Protecting Your Dashcam
The researchers emphasize that the vulnerabilities aren’t limited to dashcams and can affect other types of cameras as well. A key recommendation is to completely disable Wi-Fi and Bluetooth functionality when not in use, preventing remote access. This aligns with best practices for securing IP cameras.
Changing the default network name and password is also crucial, preventing attackers from leveraging generic credentials. Hiding the SSID can further enhance security.
To minimize the attack surface, consider disabling audio recording, limiting the potential for eavesdropping. Kaspersky published a detailed report on November 27 outlining these findings, available here.
Frequently Asked Questions Yes, if they contain vulnerabilities, these devices could be compromised and used to spy on you.
Ensure the firmware is up to date, the cameras are properly configured, and use quality models.
In the case of dashcams, attackers typically need to be in close proximity to exploit the Wi-Fi connection.
Could surveillance cameras in my home be targeted?
What steps can I take to protect my security cameras?
Do attackers need to be physically close?
