TL;DR: Iranian state actors used five known Hikvision and Dahua vulnerabilities to turn IP cameras into reconnaissance tools during military operations, with Check Point documenting hundreds of compromise attempts across multiple countries. The attack shows why static segmentation, weak credential ownership, and invisible IoT devices leave lateral movement paths open.
NHIMG editorial — based on content published by Elisity: IoT Device Security, Lessons from the Iranian Camera Hack
By the numbers:
- 53% of organizations still rely on VLANs as their primary segmentation approach.
- 49% of organizations use ACLs for segmentation.
- Only 24% of organizations have adopted microsegmentation.
Questions worth separating out
Q: What breaks when IoT devices rely on VLANs for security?
A: VLANs break down because they group devices by location rather than by trust, and they usually allow broad east-west communication inside the same segment.
Q: Why do unmanaged cameras complicate identity and access governance?
A: Unmanaged cameras complicate governance because they still have identities, credentials, and access paths, but those controls are often owned by no one.
Q: How do security teams stop IoT devices from becoming lateral movement footholds?
A: Security teams should deny broad internal reach from IoT devices and enforce per-device policy based on what each device must access.
Practitioner guidance
- Map every camera to an explicit trust boundary Build per-device allowlists that specify exactly which video management, update, and management services a camera may reach.
- Assign ownership for device credential lifecycle Create named ownership for camera and IoT credentials so default passwords, shared accounts, and stale secrets are rotated and revoked on schedule.
- Replace VLAN trust with identity-based segmentation Use identity-based microsegmentation to enforce policy at the network edge, based on device type and observed behaviour rather than switch port or subnet.
What's in the full article
Elisity's full blog covers the operational detail this post intentionally leaves for the source:
- A device-by-device segmentation framework for cameras, badge readers, and other embedded systems.
- The operational reasons VLANs, ACLs, and NAC controls fail when applied to IoT estates.
- Examples of attacker lateral movement stages mapped to specific MITRE ATT&CK techniques.
- Implementation guidance for identity-based microsegmentation in enterprise networks.
👉 Read Elisity's analysis of IoT camera security and lateral movement risk →
IoT camera compromise and lateral movement: are controls keeping up?
Explore further
IoT camera compromise is really a device identity governance problem. The article shows that the issue is not simply vulnerable firmware but the absence of precise control over what a device is allowed to do once it joins the network. When a camera can initiate discovery or lateral movement, network location has become an unreliable trust signal. For IAM and NHI teams, this is the same governance problem seen with unmanaged service identities: if identity is not tied to behaviour and lifecycle, access expands by default. Practitioners should treat device identity as an enforceable policy boundary.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
A question worth separating out:
Q: Who is accountable when an IoT device is used for internal reconnaissance?
A: Accountability should be shared across the teams that own the device, the network path, and the security policy, but one function must be designated to manage the lifecycle. If nobody owns credential rotation, segmentation, and offboarding, the organisation has created a governance vacuum. That vacuum is what attackers exploit.
👉 Read our full editorial: IoT camera compromise exposes the limits of network segmentation