Posted in

Dashcam Hijacking: New Cybersecurity Research Reveals Massive Privacy Risks

by Rakesh0

Dashcams have rapidly become everyday safety tools for millions of drivers, capturing crucial video evidence during collisions, disputes, and unexpected roadside incidents. But new cybersecurity research shows these devices may also expose drivers to surveillance, tracking, and data theft.

At the Security Analyst Summit 2025, a team of Singapore-based cybersecurity experts revealed that many common dashcams can be hacked in seconds, allowing attackers to silently take control and extract sensitive information—including high-resolution video, in-car audio, and precise GPS coordinates.

Their investigation analyzed two dozen dashcam models from around 15 brands, beginning with the widely used Thinkware dashcam. What they discovered exposes a serious and overlooked threat in the global automotive security ecosystem.

Wi-Fi: The Hidden Backdoor in Modern Dashcams

Most dashcams, even those without cellular features, include built-in Wi-Fi for smartphone pairing through companion apps. While convenient, this feature introduces a large and often poorly protected attack surface.

According to researchers at Kaspersky, many dashcams rely on:

  • Hardcoded default passwords
  • Identical firmware structures across brands
  • Weak authentication checks
  • Outdated lightweight Linux builds on ARM chips

These flaws make numerous models vulnerable to mass exploitation, similar to the attacks that plague other insecure IoT devices.

Once connected to the dashcam’s Wi-Fi access point, attackers can access the onboard filesystem, extract stored media, and in some cases issue remote commands to the device.

How Attackers Bypass Dashcam Authentication

The researchers documented several high-impact exploitation techniques that allow hackers to bypass manufacturer security within seconds:

1. Direct File Access

Some dashcams only validate passwords at the entry page of their web interface. Attackers can directly request video files by URL—no login required.

2. MAC Address Spoofing

By imitating the victim’s smartphone MAC address, attackers trick the dashcam into believing the request originates from an authorized device.

3. Replay Attacks

Hackers can record legitimate Wi-Fi handshake traffic and replay it later to gain unauthorized access.

These weaknesses make the devices highly susceptible to automated attacks, even by low-skill threat actors.

Worm-Like Dashcam Malware: The Most Alarming Discovery

The most disturbing finding was a self-propagating worm concept developed during testing.

Researchers wrote malware capable of running directly on compromised dashcams. Once installed, the infected device scans for other nearby dashcams—such as cars driving at similar speeds or stopped in traffic—and attempts to hack them automatically.

A single malicious payload capable of testing multiple passwords and attack methods could compromise up to 25% of dashcams in a dense city environment, based on the team’s simulations.

This represents the first known example of vehicular IoT-to-IoT propagation, a dangerous evolution of malware typically seen in unsecured smart home devices.

What Hackers Can Do After a Successful Dashcam Hack

Once a dashcam is compromised, attackers gain full access to:

  • Video footage (inside and outside the vehicle)
  • In-cabin audio
  • GPS location histories
  • Trip routes and timestamps
  • Device metadata and configuration

When combined with modern AI tools—such as text recognition, GPS metadata extraction, and audio transcription using OpenAI technologies—criminals can generate detailed intelligence reports on victims, including:

  • Daily commute patterns
  • Home and workplace addresses
  • Passenger identities
  • Conversations inside the vehicle
  • Travel habits and personal routines

This level of insight amounts to full behavioral de-anonymization, representing one of the most invasive data breaches possible in consumer automotive devices.

How Drivers Can Protect Themselves

While manufacturers must fix these systemic issues, drivers can take several steps immediately:

Disable Dashcam Wi-Fi When Not in Use

Most attacks require the Wi-Fi network to be active.

Change Default Passwords

Weak or hardcoded passwords are the top reason attacks succeed.

Update Firmware Regularly

Install security patches as soon as they become available.

Avoid Connecting to Unknown Smartphones

Attackers often disguise themselves as legitimate devices via MAC spoofing.

 Buy Dashcams With Strong Security Controls

Modern models with encrypted storage, randomized passwords, and secure pairing offer better protection.

Final Thoughts

As vehicles become more connected, dashcams are transforming from simple recording tools into powerful computer systems—many of which lack modern cybersecurity protections. This latest research underscores the urgency of improving security standards across the consumer automotive electronics industry.

Without stronger safeguards, dashcams may continue to act as silent surveillance devices, exposing drivers and passengers to unprecedented privacy and tracking threats.

Subscribe

Leave a Reply

Your email address will not be published. Required fields are marked *