Dash Cams Can Be Hijacked in Seconds, Allowing Hackers to Launch Future Attacks

Dashcams, often relied upon as impartial witnesses in accidents or traffic disputes, have recently drawn attention for a far more concerning reason.

A team of cybersecurity researchers from Singapore presented findings at the Security Analyst Summit 2025 that show how even offline dashcams can be repurposed into powerful surveillance devices.

Their research demonstrates that simple connectivity flaws in these gadgets could allow attackers to monitor drivers, record their conversations, and even trace their movements.

Although most dashcams lack mobile network connectivity, such as SIM cards or 5G support, nearly all modern models feature built-in Wi-Fi for connecting to mobile apps.

This connection, intended to allow owners to download footage or adjust settings, often lacks adequate authentication safeguards. The researchers discovered that many dashboards accept remote connections without verifying the user’s identity.

Once access is gained, the intruder can view or download recorded footage containing high-resolution images of roads, license plates, and people inside or near the vehicle.

Many devices also store audio and precise GPS data, revealing not only where a car has traveled but also what is said inside it.

The implications are profound: a compromised dashcam provides a window into a driver’s private world.

While hacking a single device could serve targeted surveillance, a large-scale attack could automatically capture data from thousands of vehicles across a city, effectively creating a decentralized spy network hidden in plain sight.

A Worm Spreading from Car to Car

The research began with one popular Thinkware model, but testing soon expanded to more than twenty models across fifteen brands.

They found that many were built on similar hardware and Linux-based firmware, often supplied by the same third-party developers. This shared architecture means that a single exploit can compromise multiple brands simultaneously.

The researchers simulated several infiltration methods commonly used against IoT devices. Some dashcams allowed direct download of video files without verifying access rights.

Others identified the driver’s phone by its Wi-Fi MAC address, which an attacker could easily mimic in some cases, intercepting and replaying legitimate data exchanges between the phone and the dashcam, granting complete control.

To demonstrate the potential scale of the threat, the team created code that spreads automatically. A compromised dashcam can locate and infect nearby dashcams in other cars using its Wi-Fi, particularly when vehicles move together in traffic.

Once inside, malicious software can extract or relay footage, GPS data, and even audio to a remote attacker.

The researchers warned that many of these weaknesses persist because of poor firmware design and shared industrial codebases.

They urged manufacturers to adopt secure development practices, encrypt all communications, and remove hardcoded passwords.

For individual drivers, the best defenses remain turning off Wi-Fi or Bluetooth when not needed, disabling audio capture, and keeping firmware up to date.

Find this Story Interesting! Follow us on Google News , LinkedIn and X to Get More Instant Updates

The post Dash Cams Can Be Hijacked in Seconds, Allowing Hackers to Launch Future Attacks appeared first on Cyber Security News.