Hackers stealing your security recording feeds
from smart cameras
• ML behind your keyboard (predictive text, swype, etc)
• Voice commands
• App permissions
• E.g. you give a QR code scanner access to the camera. The app will
be able to turn it on without your knowledge
• E.g. You give Shazam access to the microphone. It will be able to do
ambiental recordings and send them to 3rd parties
• Truecaller / sync.me / facebook / almost everything – when no matter
how paranoid you are, your friends may be idiotsless paranoid than
• You have a very secure password but you type it? I guarantee it’s on
dozens of security camera feeds.
• Browser extensions have access to your whole browsing behaviour
• The list goes on
• Last 4 digits of your credit card
• Date of birth
• Place of birth
• Mother’s maiden name
• School you went to
• Places you worked
• Your name. Your phone number. ”but they have to know my
name/phone number and that I work there in that position for
the attack to work”
A few words on static data.
Or what to treat as “already compromised”
• 2001 – Personal Identification Number, home address and
more of all Bucharest citizens leaks on the internet
• 2014 – ANAF accidentally displays the ID card data for tens of
thousands of Ploiesti citizens
• 2016 – Adult Friend Finder hacked. 412M accounts exposed.
Thousands of divorces. 2 suicides.
• 2018 – I dare you to try asking “I’d like to know how you’re
going to handle my information” at Public Administration
„WOOPS!” moments and hacks are not prevented by
By design, privacy is an utopia in today’s society. The old gossip
circle around the watercooler has been given a huge megaphone
through the internet. ALWAYS work under this assumption. With
that in mind, I ask you:
• Big brother claims they spy on citizens to prevent crime. Do
we believe them?
• The commercial sector claim they spy on us to better predict
our needs and make our life easier. Obviously we can’t believe
it’s just that but the question here is – do we accept it?
• The media hypes whatever gets them clicks: articles against
big brother and about people’s privacy always get them clicks.
Do we trust them?
Ask me anything :)
firstname.lastname@example.org | @jaymzu
Our red team is hiring! Send your
offensive security oriented CVs to