Lights, Cameras, Action! Ding Dong, the Video is On.

The average connected household now has 22 devices on its network. Smart cameras. Video doorbells. Smart bulbs and switches. Connected thermostats. Smart locks. Baby monitors. Streaming devices. Appliances with Wi-Fi. Each one was purchased for a specific, legitimate purpose — convenience, security, energy saving, entertainment.

Each one is also a computer connected to the internet. And in 2025, the average home network received 29 attack attempts per day — nearly three times the rate of the previous year.

The connected home has been sold as progress — more control, more convenience, more security. What it has also created, largely without public discussion, is an unprecedented concentration of surveillance infrastructure inside the spaces where people are most private. Understanding what these devices actually do — and what happens when they are compromised — is not paranoia. It is basic digital literacy for the modern home.

Home security cameras are the most obvious connected device in most households — and the most consequential if compromised. A hacked camera is not merely a privacy violation. It is a live feed from inside your home, accessible to whoever gained access, providing real-time information about your presence, your routine, your family, and your possessions.

In 2024, a California family discovered that hackers had gained access to their baby monitor — watching their infant and at one point speaking through the device’s speaker. This was not an isolated case. Cyberattacks targeting smart home devices tripled in a three-year period, with security cameras, smart locks, and video doorbells among the most targeted entry points.

The 2021 Verkada breach remains one of the most instructive examples of the category risk. Verkada provides cloud-connected security cameras to businesses, hospitals, schools, and private residences. When attackers breached their systems, they gained access to approximately 150,000 live camera feeds simultaneously — including cameras inside hospitals, prisons, Tesla factories, and private homes. The breach was achieved not through sophisticated exploitation of device hardware but through compromised cloud credentials. The cameras were secure. The cloud system holding the footage was not.

The footage itself is the obvious data concern. Less obvious is the data that camera systems collect beyond the video feed.

A 2024 analysis of privacy policies from major home security providers found vague and expansive language around data sharing — describing sharing with third parties in terms broad enough to encompass a wide range of commercial uses. Security camera apps collect data about your device, your network, your usage patterns, and in many cases your location. Facial recognition features — enabled by default on some systems — create biometric templates from the faces captured in your footage. These templates are stored, associated with your account, and in some cases used to improve the manufacturer’s recognition algorithms.

A survey found that 62 percent of smart home device owners are concerned that companies are collecting data about their daily routines through their devices. That concern is warranted. The question is whether it changes behavior — because awareness without action provides no protection.

The privacy risk from a smart light bulb seems almost absurd. What could a light bulb reveal about you?

The answer is not about the bulb itself. It is about the network it is on.

Every device connected to your home Wi-Fi network is a potential entry point into that network. A smart bulb with a software vulnerability — and many cheap connected devices have significant security weaknesses, often because the manufacturers lack the resources or incentive to maintain rigorous security standards — can be exploited to gain access to your network. Once an attacker is on your network, they can potentially access other devices connected to it — your computer, your phone, your security cameras, your NAS storage, your smart TV.

In 2023, researchers demonstrated a vulnerability in a widely used smart bulb brand that allowed them to extract the home Wi-Fi network password from the device. The bulb was the entry point. The target was everything else on the network.

The proliferation of cheap, poorly secured connected devices — smart plugs, smart bulbs, connected appliances — has created what security researchers call an expanded attack surface. Each device that joins your network adds a potential vulnerability. Most users never update the firmware on these devices. Many devices stop receiving security updates within a few years of release. And unlike a computer, most IoT devices give no visible indication when they have been compromised.

Video doorbells have become one of the most popular smart home products sold. They provide a genuine security benefit — the ability to see who is at your door and speak to them remotely. They also operate as permanent surveillance cameras pointed at a public space, collecting footage of every person who passes your door and transmitting it to cloud servers.

Ring, owned by Amazon, has faced significant scrutiny for its data sharing practices. The company previously had partnerships with hundreds of law enforcement agencies, allowing police to request footage from Ring cameras without a warrant. Following regulatory pressure, Ring ended automatic sharing with police in 2023 — but the underlying infrastructure that enables such sharing remains.

In 2024, a string of cyberattacks specifically targeted Ring doorbell cameras. Users found their cameras accessed, their footage viewed, and in some cases attackers used the two-way audio feature to communicate with people inside the home.

Beyond security vulnerabilities, video doorbells raise a question most people have not considered: what are the privacy rights of your neighbors, visitors, and passers-by who are captured on your camera without their knowledge or consent? In many jurisdictions this is an unresolved legal question. The technology has outpaced the regulation significantly.

You do not need to remove every connected device from your home. You need to manage them with the same attention you would give to any security decision.

Create a separate network for IoT devices. Most modern routers support the creation of a guest network. Put all your smart home devices on this separate network rather than the main network your computers and phones use. This means that if a smart device is compromised, the attacker cannot move laterally to your more sensitive devices.

Change default passwords immediately. Smart home devices ship with default credentials that are publicly known. The first thing any attacker tries is the factory default username and password. Change both on every connected device before using it — and use a strong, unique password for each.

Keep firmware updated. Manufacturers release firmware updates to patch security vulnerabilities. Enable automatic updates where available. For devices that do not support automatic updates, check manually every few months. A device that has not received a security update in over a year is a liability on your network.

Disable features you do not use. Facial recognition on cameras, remote access when you are always home, microphone features on devices that do not need them — disable anything that is not providing active value. Every enabled feature is a potential data collection point and a potential vulnerability.

Consider local storage over cloud storage. Some security camera systems offer local storage on a hard drive rather than cloud storage. Local storage means your footage is not on a company’s server and cannot be accessed through a breach of their systems. The footage is only accessible to someone who physically has the drive.

Audit what is on your network. Log into your router’s admin panel and look at the list of connected devices. You may find devices you had forgotten about — old smart speakers, a previous owner’s devices on a shared network, IoT devices whose purpose you can no longer identify. Devices you do not recognize or no longer use should be removed.

Your home is the place where you are most private. The devices you have invited into it deserve the same scrutiny you would apply to anyone else you let through the door.