When you purchase an IP-based spy (hidden) camera for surveillance, are you aware that others may be spying on what you are watching? Recent research by Samuel Herodotou in the Department of Computer Science, Warwick, as part of his third-year undergraduate dissertation project under the supervision of Professor Feng Hao, has revealed a wide range of vulnerabilities of a generic camera module that has been used in many best-selling hidden cameras. Exploiting these vulnerabilities, an attacker may capture your hidden camera's video/audio streams from anywhere in the world, and furthermore, take complete control of the camera as a bot to attack other devices in your home network. To launch the attack, all the attacker needs to know is merely your hidden camera’s serial number. It is estimated that these vulnerabilities affect millions of hidden cameras, mostly sold in America, Europe and Asia. The (insecure) peer-to-peer network that is used by the affected cameras is also being used by 50 million IoT devices as a general communication platform. Hence, many millions of other IoT devices may also be affected. Researchers have responsibly disclosed findings to the manufacturers, and a CVE has already been assigned. Samuel will present this research work at the 17th International Conference on Network and System Security (Canterbury, UK, 14-16 August 2023). More details can be found in the paper.