A Stranger Could Be Watching Your Home Camera Right Now. Here's How to Check in 3 Minutes.
There is a publicly searchable website that shows live feeds of thousands of unsecured home cameras across the UAE right now. If your camera still has its factory password, yours could be on it. Here is the 3-minute check that tells you for certain.
Key Takeaways
- Shodan and similar tools index thousands of UAE home cameras with default passwords — anyone can watch them with zero hacking skills
- Dubai Police issued a formal cybercrime advisory on April 30, 2026 confirming this is actively happening to UAE residents
- The 3-minute check: try logging into your camera's admin panel using 'admin' and 'admin' — if it works, you are exposed
- Signs your camera may already be compromised: it moves on its own, unusual data usage on your router, unknown sessions in the camera app
- A professional camera security audit from AED 250 closes every vulnerability in one 60–90 minute visit
This is not a hypothetical. There is a search engine called Shodan that indexes internet-connected devices worldwide — including home security cameras with default passwords. Type 'Dubai' into its camera search, and you can see live footage from hundreds of UAE homes right now, without hacking anything, without any technical skill. The owners of those cameras have no idea. On April 30, 2026, Dubai Police issued an urgent public advisory warning that this is actively happening to UAE residents — and that the consequences include privacy violations and cyber extortion. Here is the 3-minute check that tells you whether your camera is one of them.
The Website That Shows Other People's Home Cameras
Shodan is a search engine for internet-connected devices. It was built as a security research tool, but anyone can use it. Search 'ip cameras Dubai' and within seconds you see a list of camera devices with their IP addresses. Many have 'admin/admin' or 'admin/12345' listed as login credentials — credentials that anyone can use to log in and watch live footage.
This is not theoretical and it is not rare. Thousands of UAE home cameras are indexed on Shodan right now. Security researchers have documented them. Journalists have written about them. And — critically — cybercriminals are doing exactly what anyone with a browser can do: logging in, watching, and in some cases recording footage for later use in extortion schemes. The Dubai Police Cybercrime Department specifically flagged this pattern in their April 30 advisory.
We deliberately are not linking to Shodan or any other camera search tool in this article — there is no legitimate reason for a homeowner to need to find unsecured cameras that belong to other people. What matters is securing your own.
The 3-Minute Check: Is Your Camera Exposed?
Open your camera app and navigate to the camera's settings. Look for the option to view the camera in a browser (usually by entering its local IP address — something like 192.168.1.XX — into your browser's address bar while connected to your home WiFi). When you reach the login screen, try these credentials exactly as written: username 'admin', password 'admin'. Then try username 'admin', password '12345'. Then try username 'admin', password '123456'. Then try username 'admin', password the serial number printed on the camera label.
If any of these combinations grants you access — you are using a default password. Anyone who can reach your camera's IP address from the internet (which is possible on most home networks without specific router configuration to prevent it) can log in using those exact same credentials. Change that password right now, before you finish reading this article.
- admin / admin — the most common default across Hikvision, Dahua, and generic cameras
- admin / 12345 — Hikvision older models
- admin / 123456 — common on Chinese-brand cameras
- admin / [serial number on the label] — some Dahua and Reolink models
- admin / [blank password] — some NVR/DVR recorders have no default password
- If any of these work: change the password immediately to something unique, 12+ characters
5 Signs Your Camera Has Already Been Accessed
Camera hacking rarely announces itself. The device keeps working normally for the owner while simultaneously streaming footage to someone else. These five signs suggest your camera may already have been accessed — each one warrants an immediate full audit.
The most alarming: a PTZ (pan-tilt-zoom) camera that physically moves without you controlling it. This happens when someone with remote access is actively navigating your camera's field of view. If your camera has visibly rotated or tilted to a new position without anyone in your household doing it, treat this as confirmation of unauthorised access and change all credentials immediately.
- The camera physically moves on its own — PTZ cameras pan or tilt without you controlling them
- Unusual internet data usage — a compromised camera streaming footage out uses 2–5GB per day constantly
- The camera indicator LED behaves unexpectedly — some cameras glow or pulse when actively accessed remotely
- Unknown sessions or access times in your camera app's login history
- Your router shows an unknown device — check the full connected-device list in your router admin panel
Log into your router admin panel (192.168.1.1 or 192.168.0.1) and look for data usage by device. If one of your cameras is sending 50GB or more of data per month, it is almost certainly streaming footage to an external source. Normal camera operation — local recording only — sends near-zero data outbound.
How Footage Becomes a Tool for Extortion
Dubai Police's April 30 advisory specifically named cyber extortion as an outcome of compromised home cameras. The mechanism is straightforward: an attacker gains access to a home camera, records footage of the family — including footage captured in private areas of the home — and then contacts the homeowner demanding payment in exchange for not distributing the footage.
This is not a scenario from a crime drama. It is an active pattern documented by the UAE Cybercrime Department. The attacker does not need your personal contact information to reach you — they can communicate through the camera app's two-way speaker, or find your contact details by reading documents, mail, or screens visible in the camera footage. The leverage is the footage itself.
The most common targets are households with cameras that were installed by someone else — a landlord, a previous tenant's system that was never reset, a domestic helper who set it up and still has app access. Any camera whose credentials were set by someone other than the current household members is a priority audit.
What to Do Right Now — In Order of Priority
Do these five things today. They take under 45 minutes total and close the vulnerabilities Dubai Police specifically warned about.
- Change every camera's admin password right now — use a unique 12+ character password not used anywhere else
- Log out all active sessions in your camera app — this terminates any unauthorised sessions that are currently open
- Check your router's connected device list for anything you don't recognise
- Enable 2-factor authentication on your camera app account if available
- Update camera firmware — go to each camera's admin panel or app settings and check for firmware updates
If you see a camera that has moved, find unknown sessions, or notice unusual outbound data — do not just change the password. Change the password, factory reset the camera (this clears any injected settings or backdoor accounts), update the firmware, and then set up the camera fresh. A password change alone may not remove a backdoor that was already installed.
When a Professional Audit Makes the Difference
If you have more than two cameras, an NVR recorder, cameras installed by a previous occupant or contractor, or any smart devices that are more than two years old and never audited — a professional audit is the only way to be genuinely certain every device is secure. The DIY steps above address the most visible vulnerabilities. A professional audit using network scanning tools finds everything that is not visible: open ports, exposed admin interfaces, outdated firmware with documented exploits, and devices that are reachable from the internet in ways the homeowner didn't know about.
SAS Home Tech offers a full smart home camera security audit starting from AED 250 — covering every camera and smart device in your home. Passwords changed, firmware updated, router reviewed, remote access locked down, and a written report of everything found. Same-week appointments available across Dubai, Sharjah, and Ajman.
Frequently Asked Questions
Can someone really watch my home camera without hacking anything?+
Yes. Search engines like Shodan index internet-connected devices with default credentials. If your camera still uses its factory password (admin/admin, admin/12345, or similar), it can be accessed by anyone who finds it in a device search — no hacking skill required, just a browser. Dubai Police confirmed on April 30, 2026 that this is actively happening to UAE residents. Change your camera password today.
How do I check if my camera is using a default password?+
Open your camera's admin panel (usually by entering the camera's IP address in a browser) and try logging in with admin/admin, admin/12345, and admin/123456. If any combination works, your camera is using a default password and is exposed. Change it immediately to a unique 12+ character password. If you're unsure how to find the camera's IP address, a professional audit covers this for all devices.
What does it mean if my camera moved on its own?+
A PTZ (pan-tilt-zoom) camera that physically rotates or tilts without you controlling it is being controlled by someone else remotely. This is a strong indicator of unauthorised access. Immediately: disconnect the camera from power, change all camera and camera app credentials, factory reset the camera before reconnecting it, update its firmware, and check your router's device list for unknown connections.
Is cyber extortion using home cameras happening in the UAE?+
Yes. The General Department of Criminal Investigation's Cybercrime and Electronic Crime Department specifically named cyber extortion as an outcome of compromised home cameras in their April 30, 2026 public advisory. The pattern involves accessing a camera with default credentials, recording footage of the household, and then contacting the owner with extortion demands. Securing your cameras — with strong passwords and current firmware — is the primary defence.
Can I trust a camera that was installed before I moved in?+
Any camera installed by a previous occupant, a contractor, or anyone outside your current household may have credentials and remote app access that you do not control. The previous installer likely still has access. Factory reset every inherited camera, update its firmware, and configure it fresh with credentials you set yourself. This applies to cameras in rental apartments, cameras left by previous tenants, and cameras installed by building management.
Share this article
Not 100% sure your cameras are secure?
Following the Dubai Police advisory, we are running full camera security audits from AED 250. We visit your home, audit every device, change weak passwords, update firmware, and hand you a written report. Book this week — same-day slots available in Dubai, Sharjah, and Ajman.