The Cellular Technology Security Gap & How to Fix It



Customers often assume vendors provide secure technologies; why wouldn’t they believe a vendor has implemented the proper cybersecurity and data privacy protections, especially for high-cost solutions?
The unfortunate reality, however, is that alarmingly few vendors understand how to secure cellular-connected devices effectively.
As the number of connected devices explodes from an estimated 21.1 billion today to nearly 55 billion in the next 10 years, poorly secured devices pose a critical vulnerability, leading to data leaks, device compromises, operational disruptions and irreparable reputational damage.
Security leaders and systems integrators have not only an opportunity, but a responsibility to understand how cellular-connected devices operate and implement stringent protocols that limit risks.
As a technology innovator and patented inventor in connected video security technologies, let me guide you in understanding the key risks of cellular-connected devices, notable high-profile incidents and why we must adopt common standards to protect our employees, customers and communities.
5 Risks of Cellular-Connected Devices
Any device connected to a corporate network inherits the security measures of that network, including firewalls and AI-based threat detection for network activity. Devices connected to cellular modems, however, do not inherit those security features.
Cellular networks are wide-open public networks, which can greatly amplify damage if even one device is compromised. Five risks in particular are associated with cellular-connected devices, introducing a cascade of security considerations:
- Public accessibility. Can a cellular-connected device be “pinged” or otherwise discovered on the internet? If it can be discovered, a hacker can exploit known and even unknown vulnerabilities to gain access to the device.
- Configuration-based security. Does the cellular-connected device rely on configurations to ensure its security, or is the network it’s connected to inherently secure?
- Backdoor accessibility. Does physical access to the cellular-connected device and its LAN allow a bad actor to gain access to the broader system, including cloud services or a cloud network?
- Lateral movement. Does gaining access to the cellular-connected device and its LAN allow a bad actor to move laterally to other cellular-connected devices to compromise them as well?
- Man-in-the-middle. Is it possible for a bad actor to intercept data communication between the cellular-connected device and a cloud service or end user, and either collect data passively or inject malicious data?
Any device can become an entry point for tech-savvy individuals with malicious intent if these weaknesses are not accounted for in the system’s design.
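As an added illustration (not part of the original article), the public-accessibility and lateral-movement questions above can be checked against a fleet inventory. The inventory, its field names and the APN labels are constructed assumptions; the address classification uses only the RFC 1918 and RFC 6598 ranges.

```python
import ipaddress
from collections import defaultdict

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 carrier-grade NAT space

# Constructed inventory; field names are assumptions for this example.
# 198.51.100.23 is a documentation address standing in for a
# carrier-assigned public IP.
INVENTORY = [
    {"id": "cam-01", "wan_ip": "198.51.100.23", "apn": "carrier-public", "peer_isolation": False},
    {"id": "cam-02", "wan_ip": "100.72.14.9", "apn": "carrier-public", "peer_isolation": False},
    {"id": "cam-03", "wan_ip": "10.20.0.5", "apn": "private-apn", "peer_isolation": True},
    {"id": "cam-04", "wan_ip": "10.20.0.6", "apn": "private-apn", "peer_isolation": True},
]

def address_class(wan_ip):
    """Classify the address the carrier handed to the modem."""
    ip = ipaddress.ip_address(wan_ip)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"  # anything else is treated as internet-routable

def audit(inventory):
    """Return {device id: [risk names]} for two of the five risks."""
    by_apn = defaultdict(list)
    for dev in inventory:
        by_apn[dev["apn"]].append(dev["id"])
    report = {}
    for dev in inventory:
        risks = []
        # Public accessibility: an internet-routable WAN address can be discovered.
        if address_class(dev["wan_ip"]) == "public":
            risks.append("public-accessibility")
        # Lateral movement: peers share the APN and nothing blocks device-to-device traffic.
        peers = [p for p in by_apn[dev["apn"]] if p != dev["id"]]
        if peers and not dev["peer_isolation"]:
            risks.append("lateral-movement")
        report[dev["id"]] = risks
    return report

if __name__ == "__main__":
    for dev_id, risks in audit(INVENTORY).items():
        print(dev_id, risks or "no findings")
```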
How Cellular-Connected Devices Are Hacked by Bad Actors
Several high‑profile incidents illustrate what happens when internet- or cellular-connected devices are exposed, either in the cloud or on the device itself.
Below are notable examples, with emphasis on systems that commonly use LTE or other cellular backhaul in the field.
- Private camera streaming: Investigations have repeatedly found websites and apps that aggregate unsecured IP camera feeds (across home, business, industrial, school and government environments) and publicly stream them when owners leave default passwords or weak credentials in place.
- Flock Safety license-plate cameras: In 2025, researchers demonstrated that they could fully compromise Flock Safety ALPR cameras in under 30 seconds by gaining physical access to the camera housing. These cameras are typically pole‑mounted and uplink via LTE; once compromised, an attacker could exfiltrate stored plate reads, modify software or potentially pivot if the device has lateral connectivity.
- Ring cameras: Attackers have repeatedly accessed Ring cameras using credential‑stuffing tools that replay username and password combinations from other breaches. Attackers then live‑streamed, and sometimes harassed, occupants via the audio channel, sharing the abuse in real time on channels like Discord (e.g., the “NulledCast” streams). Ring itself wasn’t breached at the cloud tier; the weakness was credential reuse on devices that are directly internet-reachable via home broadband, which could just as easily be a cellular router on a construction trailer or remote site.
- AVTECH cameras: In 2024, Akamai researchers disclosed that Mirai Corona botnet operators were exploiting a zero‑day vulnerability in AVTECH AVM1203 cameras. The bug allowed remote command injection via the camera’s brightness control, giving attackers high‑privilege access without authentication. Because the vendor had stopped updating firmware in 2017 and was unresponsive to CISA, a large number of these cameras remained online — including some in transportation and critical infrastructure environments.
These are just a few of countless examples where inadequate security measures provided bad actors with direct access to systems and enabled them to inflict terror on everyday consumers. In the worst cases, these incidents cause massive data breaches that result in ransom demands or public data leaks, allowing other criminals to infiltrate additional systems.
Standards for Device Security
As creators and suppliers of security solutions, we must stay ahead of the threat landscape and invest in the necessary infrastructure and engineering resources to maintain device security. I believe that proper diligence requires us to adopt uniform standards across vendors to establish a replicable baseline strategy that maximizes protection and enables rapid detection and remediation of breaches.
The best way to prevent access is to air gap the cellular network the device connects to, which means isolating it and removing all physical and digital connections to unsecured sources like the internet. The result is a private network segment with full data ingress/egress control and AI network threat detection capabilities.
This differs from using VPN technology. VPN technology creates a virtual tunnel between two networks but still relies on public internet connectivity to establish and maintain the connection — introducing an inherent security risk.
A private network is separate from the public internet and gives the network owner full control of segmentation, threat detection, monitoring and ingress/egress to the public internet.
Other techniques can use a zero-trust overlay mesh focused on securing specific applications and services (process‑to‑process, app‑to‑app), not whole networks or subnets. This is not an SD-WAN but instead is called Zero Trust Network Access (ZTNA) or Zero Trust Network Overlay (ZTNO).
Securing the IoT World
Cellular-connected devices are fundamentally different from Wi-Fi-connected devices and should not be considered the same. Although both are “wireless,” the networks they connect to are different and should be handled differently.
Vendors that neglect cybersecurity requirements introduce recurring, costly risks that jeopardize their customers’ digital and physical livelihoods. By adhering to proper standards and a unified security approach that starts with air gapping, we can lead the industry forward and innovate from a security-first mindset.
