Dashcams have surged in popularity as indispensable tools for documenting road incidents, insurance claims, and even everyday drives. However, recent research reveals a chilling vulnerability: hackers can seize control of these devices in mere seconds, turning them into surveillance weapons for stalking, data theft, or even botnet-style attacks.
Presented at the Security Analyst Summit 2025 by a team of Singaporean cybersecurity researchers, the findings highlight how even offline dashcams—those without cellular connectivity—can be exploited via their built-in Wi-Fi features meant for smartphone pairing.
How Hackers Hijack Dashcams in Seconds
The attacks exploit common design flaws across dozens of models from about 15 brands, including popular ones like Thinkware and IMAKE. These devices often run on similar ARM processors with lightweight Linux builds, making them ripe for IoT-style exploits. Here’s a breakdown of the key methods:
• Default Wi-Fi Access: Dashcams create their own Wi-Fi hotspot (using predictable SSIDs and hardcoded passwords from the manual). An attacker in proximity—say, at a gas station or in traffic—can connect directly without needing the owner’s credentials.
• Authentication Bypass Techniques:
  • Direct File Access: Hackers request video files straight from the device’s web server, which only checks passwords at the login page, not for downloads.
  • MAC Address Spoofing: By eavesdropping on the owner’s phone connection, attackers mimic the phone’s unique identifier to impersonate it.
  • Replay Attacks: Attackers record a legitimate pairing session between the dashcam and app, then replay it later to gain entry.
Once inside, hackers access the device’s FTP or RTSP servers (often protected by default passwords that can be extracted from the manufacturer’s app) to stream live video, download stored footage, or pull GPS logs, all in under a minute. In tests on over two dozen models, a single automated script could crack about a quarter of urban dashcams by brute-forcing these weaknesses.
Weaponizing Dashcams for Future Attacks
The real danger lies in scalability. Researchers developed self-propagating “worm” code that runs on infected devices, scanning for and attacking nearby dashcams in real time, which is especially effective in slow traffic or parking lots where vehicles cluster. This creates “botnets on wheels”: networks of hijacked cams relaying data via built-in LTE (if present) or cloud uploads to a hacker’s server.
Compromised dashcams yield rich surveillance hauls:
• Video and Audio Intel: High-res footage of roads, license plates, faces, and interiors, plus microphone captures of conversations or even played music.
• Location Tracking: GPS metadata reveals routes, home/work addresses, and habits—potentially de-anonymized by cross-referencing with public data.
• Advanced Analysis: Hackers can use AI tools (e.g., OpenAI for audio transcription) to summarize trips or extract details like street signs via OCR.
Criminals could use this for targeted stalking, insurance fraud, or selling data on the dark web. In extreme cases, it paves the way for broader vehicle hacks if the dashcam connects to the car’s systems.
How to Protect Yourself
While manufacturers lag on fixes, you can minimize risks with these practical steps (ranked from most to least disruptive):
• Go Minimalist: Opt for dashcams without Wi-Fi, Bluetooth, LTE, or cloud features. If buying new, prioritize wired-only models.
• Disable Features: Turn off Wi-Fi/Bluetooth when not pairing; physically tape over the microphone to block audio; disable parking mode to limit exposure.
• Secure Settings: Change default SSIDs/passwords immediately, hide your Wi-Fi network, and set the shortest auto-shutoff timer.
• Stay Updated: Regularly check for firmware and app updates; many brands now push patches following this research.
• Proximity Awareness: Avoid leaving your car in high-traffic spots with Wi-Fi enabled; use a Faraday pouch for the device if paranoid.
For manufacturers: Implement “security by design” with strong encryption, randomized credentials, and regular audits—don’t treat dashcams as “dumb” hardware anymore.
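The direct file access flaw described earlier (a password checked only at the login page) comes down to where the server enforces authentication. The sketch below is an added example, not code from the researchers or any vendor: it puts a flawed request handler beside a hardened one that validates a short-lived session token on every route. All names, paths, the password and the 300-second lifetime are assumptions made for illustration.

```python
import hmac
import secrets
import time

# Constructed sample data: password, paths and contents are illustrative only.
DEVICE_PASSWORD = "per-device-secret"   # assumed unique per unit, not printed in a manual
FILES = {"/video/0001.mp4": b"<footage>", "/gps/log.txt": b"<track>"}
SESSION_TTL = 300                       # assumed session lifetime in seconds
SESSIONS = {}                           # session token -> expiry time


def login(password, now=None):
    """Issue a random session token, or None if the password is wrong."""
    now = time.monotonic() if now is None else now
    if not hmac.compare_digest(password.encode(), DEVICE_PASSWORD.encode()):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = now + SESSION_TTL
    return token


def session_valid(token, now=None):
    """True only for a token that was issued by login() and has not expired."""
    now = time.monotonic() if now is None else now
    expiry = SESSIONS.get(token)
    if expiry is None or now >= expiry:
        SESSIONS.pop(token, None)       # forget expired tokens
        return False
    return True


def handle_flawed(path, token=None, now=None):
    """Flawed: file routes never look at the session, only the login page does."""
    if path in FILES:
        return 200, FILES[path]
    return 404, b""


def handle_hardened(path, token=None, now=None):
    """Hardened: the session is checked before the path is resolved at all."""
    if not session_valid(token, now):
        return 401, b""                 # same answer for real and unknown paths
    if path in FILES:
        return 200, FILES[path]
    return 404, b""
```

Because the hardened handler returns 401 before looking up the path, an unauthenticated client also cannot tell which file names exist.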
This isn’t sci-fi; it’s a wake-up call for the 100+ million dashcam users worldwide. If your device is from a tested brand, audit it now. Stay vigilant—your next drive could be someone’s next target.