Dubai Police Warn: Your Smart Home Could Be Spying on You — Act Now
Dubai Police issued an urgent public warning: weak passwords on smart home devices — cameras, doorbells, smart TVs — are leaving UAE residents exposed to hacking, extortion, and privacy violations. Here is exactly what to do this week.
Key Takeaways
- Dubai Police issued a formal cybersecurity warning on April 30, 2026 — weak passwords on smart cameras and home devices are actively exploited by hackers
- Default factory passwords (admin/admin, 123456, or the device serial number) are the single most common entry point for home camera hacking
- UAE digital identity attacks surged 32% — smart home devices are a primary target because most residents never change default credentials
- Dubai Police recommend: change all default passwords immediately, enable firmware auto-updates, and switch off cameras when not needed
- A professional camera security audit from AED 250 covers every device in your home — passwords, firmware, network exposure, and remote access settings
On April 30, 2026, the General Department of Criminal Investigation — specifically the Cybercrime and Electronic Crime Department — issued a public advisory that every homeowner in Dubai, Sharjah, and Ajman should read. The message is stark: your smart home camera, your connected doorbell, your internet router — if any of them still have a factory default or weak password, they are not just insecure. They are open doors. Hackers are actively scanning for exactly these devices right now, and the UAE has seen a 32% surge in digital identity attacks in the past year alone. This is not a theoretical risk. It is happening in homes in your building, on your street, in your community — and the fix starts today.
What Dubai Police Actually Said — and Why It Is Serious
The advisory came from the General Department of Criminal Investigation's Cybercrime and Electronic Crime Department — not a general awareness campaign but a specific, targeted warning based on active cybercrime intelligence. Khaleej Times reported the full advisory on April 30, 2026.
The police explicitly warned that many cyberattacks exploit devices relying on default or weak security settings, which can be accessed through simple technical methods. Translation: attackers do not need sophisticated skills to break into a home camera that still has its factory password. They run automated tools that try default credentials across millions of IP addresses every hour. Your camera shows up in the results within minutes of connecting to the internet.
The consequences the police highlighted are not minor inconveniences. They include hacking, privacy violations, and cyber extortion — meaning someone with access to your home camera can record footage of your family, your home layout, your routines, and then threaten to publish or share it unless you pay.
How a Hacker Gets Into Your Home Camera (It Takes Less Than 3 Minutes)
Most people imagine hacking involves a skilled programmer typing code for hours. For smart home devices with default passwords, the reality is far simpler. Automated tools — freely available online — scan ranges of IP addresses and try known default credentials for hundreds of camera brands simultaneously. A camera with the default admin password can be accessed in under 3 minutes.
Shodan, a publicly accessible search engine for internet-connected devices, currently indexes thousands of unsecured cameras in the UAE. Any user — no technical skill required — can search for cameras in a specific city, see live feeds, and access admin panels. This is not hacking in the dramatic sense. It is simply using a device's front door that was left unlocked.
Once inside, an attacker can watch live footage, review recorded footage, change camera angles, disable the recording, or use the device as a pivot point to access other devices on your network — including your router, laptop, and NAS storage.
Open your camera app. Can you log into the admin panel at its IP address using 'admin' as both username and password? If yes — and even if no — change that password today. You are almost certainly using a default credential that is published online.
The 5 Signs Your Smart Camera May Already Be Compromised
Camera hacking rarely triggers obvious alerts. Most compromised devices continue to work normally for the owner — while also streaming footage to an attacker. These five signs suggest your device may already have unwanted access.
- The camera moves on its own — PTZ (pan-tilt-zoom) cameras physically pan or tilt without you controlling them
- Unusual data usage on your router — a compromised camera streams footage out constantly, consuming 2–5 GB per day
- The indicator light behaves unexpectedly — some cameras have LEDs that flicker when actively accessed remotely
- Login attempts in your camera app history — many apps log recent access; check for unrecognised times or locations
- Your router shows an unknown connected device — log into your router admin panel and check the device list for anything unfamiliar
Dubai Police's Official Recommendations — Translated Into Action
The Cybercrime Department issued five specific recommendations. Here is what each one means in practice for a Dubai household.
Change default passwords immediately upon activating any new device — and use strong, complex passwords combining letters, numbers, and symbols. For cameras, this means going into the camera's admin panel (usually via its IP address or manufacturer app) and changing the admin password to something unique with at least 12 characters. Do not use your WiFi password, your phone number, or any personal information.
Regularly update operating systems and applications to address security vulnerabilities. Camera firmware updates patch known security holes. Most cameras have an auto-update option in settings — enable it. If your camera is more than 3 years old and the manufacturer has stopped releasing updates, it is a liability.
- Change all default camera passwords — never leave admin/admin or the printed serial number as your password
- Enable automatic firmware updates on every camera and smart device
- Do not share camera access credentials via phone, email, or messaging — regardless of how official the request seems
- Switch off surveillance systems when not in use, particularly in private areas of the home
- Never click links or download apps from unverified sources to manage your cameras
Scammers in the UAE are actively impersonating camera brand support teams — calling residents and asking them to share their camera login for a 'firmware update'. Dubai Police specifically warned against this. No legitimate camera brand will call you asking for your password.
What You Can Do Right Now — No Tech Skills Required
The following five actions take under 30 minutes total and address the most critical vulnerabilities identified in the Dubai Police advisory. Do them today.
Open your home WiFi router's admin panel (usually 192.168.1.1 or 192.168.0.1 in your browser — login details are on the router label). Look at the list of connected devices. Every device you do not recognise should be investigated immediately. Rename devices you do recognise so you can track them easily.
Log into each smart camera's app or admin panel and change the password. Use a password manager like 1Password or Google Passwords to generate and store a strong unique password for each device. If a camera's password cannot be changed — this is a sign of an extremely old or poorly designed device — it should be replaced.
- Check connected devices on your router right now — remove or block anything unrecognised
- Change every camera and smart device password to a unique 12+ character password
- Enable 2-factor authentication on your camera app where available
- Check your camera app for recent access logs and active sessions
- Update all camera firmware immediately via the manufacturer app or admin panel
When You Need a Professional: The AED 250 Camera Security Audit
If you have more than two cameras, a mix of brands, or devices you set up years ago and have not touched since, a professional audit is the only way to be certain every device is properly secured. The process of tracing every smart device on a typical UAE home network — cameras, smart TVs, doorbells, smart plugs, routers — and verifying each one's password strength, firmware version, remote access settings, and network exposure takes specialist tools and experience.
SAS Home Tech offers a full smart home camera security audit starting from AED 250. A technician visits your home, audits every connected camera and smart device, changes passwords and enables firmware updates on the spot, checks your router for unknown devices, and gives you a written report of everything found and fixed. For most homes, the full audit and remediation takes 60–90 minutes.
Given the Dubai Police warning and the documented surge in UAE cyber attacks targeting home devices, this is one of the most practical investments a homeowner can make this month.
Frequently Asked Questions
What did Dubai Police warn about regarding smart home devices?+
On April 30, 2026, the General Department of Criminal Investigation's Cybercrime and Electronic Crime Department issued a public warning that weak and default passwords on smart home devices — including cameras, smart TVs, and connected doorbells — leave UAE residents vulnerable to hacking, privacy violations, and cyber extortion. The police issued specific recommendations: change all default passwords immediately, use strong complex passwords, enable firmware auto-updates, and switch off surveillance systems when not in use.
How do I know if my home camera has been hacked?+
Signs include: the camera physically moving without your input (PTZ models), unusually high data usage on your router, unknown active sessions in your camera app, or unrecognised devices appearing on your router's connected-device list. However, most compromised cameras show no obvious signs — the safest approach is to change all passwords, review access logs, and have a professional audit conducted if you have multiple devices or older cameras.
What is the default password risk on smart cameras in UAE?+
Default passwords (commonly admin/admin, 123456, or the device serial number printed on the label) are published in publicly accessible databases online. Automated tools scan for devices using these credentials 24/7. A camera connected to the internet with its factory default password can typically be accessed by a remote attacker in under 3 minutes. The Dubai Police advisory specifically cites default passwords as the primary attack vector.
How much does a professional camera security audit cost in Dubai?+
SAS Home Tech offers a full smart home camera security audit starting from AED 250. The audit covers every connected camera and smart device in your home — checking passwords, firmware versions, remote access settings, and router device lists. Passwords are changed and firmware updated on the spot, and you receive a written report of all findings. Appointments are available across Dubai, Sharjah, and Ajman.
Should I turn off my home cameras when I am at home?+
Dubai Police specifically recommended switching off surveillance systems when not in use, particularly in private areas of the home. For outdoor cameras covering entrances and gardens, continuous recording is appropriate. For indoor cameras in living areas or bedrooms, the police advise disabling them when you are at home. Most camera apps have a geofencing feature that automatically disables indoor cameras when your phone is on the home WiFi — this is worth enabling.
Share this article
Is your home camera actually secure?
Following the Dubai Police warning, we are conducting full smart home camera security audits starting from AED 250. A technician visits your home, audits every camera and smart device, changes weak passwords, updates firmware, and gives you a written report. Same-week appointments available across Dubai, Sharjah, and Ajman.