"Such cameras are usually just connected to the Internet and are already relatively outdated – that is, with software that has not been updated for a long time and has many known vulnerabilities,” said Serhiy Denysenko, executive director of the Ukrainian information-security company CyberLab’s Digital Forensics Laboratory.

Cameras are a particular issue, but honestly, the broader issue of “a lot of devices in the Internet of Things are inexpensive and probably not well-maintained and perhaps even insecure out of box” is something that was raised way, way back.

You have a lot of devices that have microphones floating around too, like laptops and cell phones. We’re also getting to the point where voice command is a practical option, and at that point, one expects even more devices to have them.

Most of the time, the consequences of insecure devices on the network aren’t that severe, but when a country is at war, suddenly things get to be life-and-death.

A 2019 Dahua camera, even when its cloud-server connection was switched off, still sent encrypted information, including the user’s login and password, to cloud servers in Germany run by China’s uCloud Information Technology, a partly state-owned company, and the private U.S. firm Zenlayer.

The security of CCTV transfers depends on the manufacturer, the connection with the server, and “who can use this information and how,” said Digital Security Laboratory expert Ivan Antonyuk. “And here’s the question: Do you trust the Chinese developer or not?"

Also, even setting aside whether you trust the company’s intentions…do you trust their ability to secure their own network? Because if you’re transferring stuff like passwords, or if they have remote control of the devices they sell, suddenly they become a really appealing target to compromise.