A demonstration scene of IP camera hacking (Yonhap)
SEOUL, Dec. 8 (Korea Bizwire) — South Korea unveiled new measures on Sunday to strengthen security oversight of internet-connected cameras after police uncovered a sweeping hacking scheme in which more than 120,000 IP cameras installed in homes, hospitals, spas and massage clinics were compromised and used to produce sexually exploitative material.
The scheme, uncovered by the National Office of Investigation, led to the arrest of four suspects who allegedly infiltrated residential and commercial IP cameras and extracted intimate footage, later sold and distributed on overseas pornography sites.
Officials said videos created by two of the suspects accounted for roughly 62 percent of the content posted on a major illegal foreign site, underscoring the breadth of the breach.
Although only 1,193 videos have been identified on the site, authorities believe the true scope of the leak is far larger, as tens of thousands of hacked cameras produced material that may never have been publicly detected. The government estimated that the hacked devices totaled more than 120,000, with many units breached multiple times.
In response, the Ministry of Science and ICT, the Personal Information Protection Commission and the National Police Agency jointly announced a plan to overhaul security governance for IP cameras.
Until now, responsibility for protecting devices connected to internal networks has been undefined, falling disproportionately on users and manufacturers. The government said it would expand accountability to include installation companies and telecom operators, which frequently handle camera setup and connectivity.
IP camera voyeurism footage (image provided by the Gyeonggi Nambu Provincial Police Agency)
A recent government survey showed that only 59 percent of installation contractors had implemented mandatory security measures to prevent hacking. User behavior has amplified vulnerabilities: although 81 percent of users changed the factory-set password at least once, only 30.8 percent updated passwords within the past six months.
Authorities plan to notify high-risk businesses — including bathhouses, lodging facilities, surgical centers and massage clinics — of their legal duty under the Personal Information Protection Act to ensure proper safeguards. Facilities associated with large-scale video leaks will face investigations to determine whether privacy laws were violated.
Inspectors from multiple government ministries and municipal governments will begin joint on-site checks this month at hospitals, wellness centers and other vulnerable locations.
The government also plans to mandate the use of certified secure devices for IP cameras installed in close-contact environments such as yoga studios, fitness centers, hospitals, swimming pools and postpartum care facilities. Separately, officials are seeking legislative changes requiring more complex password standards to be embedded in product design from the outset.
However, most IP camera models are designed and manufactured overseas — particularly in China — raising uncertainty over the reach of domestic regulation.
In addition, regulators said they are upgrading tools that identify unencrypted server names used to connect cameras and block traffic to illegal sites. But criminals have already begun routing around existing blocks, prompting authorities to explore advanced traffic-analysis technology that does not rely on content decryption.
Government officials said more aggressive regulation and monitoring are essential to stem video leaks that have turned private spaces into surveillance targets and fueled one of the most troubling privacy crises in the country’s digital ecosystem.
Kevin Lee (kevinlee@koreabizwire.com)
