A precision strike killed Iran’s Supreme Leader, Ayatollah Ali Khamenei, at his compound in Tehran. It was one of the most significant targeted killings in modern history β and it was made possible, in part, by a traffic camera.
Not a spy satellite.
Not a human asset inside the inner circle.
π· A traffic camera.
The kind that hangs over a junction and counts the cars.
According to the Financial Times, citing current and former Israeli intelligence officials, Mossad had quietly compromised nearly every traffic camera in Tehran, years before the strike.
The footage was encrypted and transmitted to servers in Israel.
One camera near Khamenei’s compound gave analysts a clear view of where his bodyguards parked their personal vehicles. From that, intelligence teams built detailed profiles β home addresses, duty schedules, routines, which officials each guard was assigned to protect.
Everything needed to plan a killing was assembled through a networked system that nobody had properly secured.
π‘ On the day of the strike, mobile phone towers near the compound were disrupted, so that warning calls to the security team went unanswered.
The entire operation was built not on dramatic infiltration, but on networked systems that had been accessed and never closed off.
I am not writing about geopolitics.
I am writing about the principle.
π Closer to Home Than You Think
Early in my career as a Counter-Terrorism Security Coordinator, protecting events attended by members of the Royal Family and senior Government ministers, one of the first questions we asked was always the same:
π When was the Wi-Fi password last changed?
It sounds mundane. It isn’t.
A venue’s wireless network connects to everything β lifts, fire alarm systems, access control, and building management.
In the wrong hands, any of those systems becomes a potential vector for disruption or harm.
Before any significant event, we insisted that passwords be changed.
Not requested. Insisted.
Because we had learned the hard way that access granted to a contractor three months earlier and never revoked could still be exploited on the day.
That discipline β straightforward, unglamorous, effective β applies just as much to a private residence as it does to a venue hosting a Royal visit.
πΆ The Internet of Things
Most people have heard the phrase without fully understanding what it means in practice.
The Internet of Things refers to every device in a home or office that connects to the internet β not just computers and phones, but:
πΊ Smart televisions
π Door locks
πΉ Security cameras
πΆ Baby monitors
π£ Voice-activated speakers
π Doorbells
π¨ Printers
π‘ Thermostats
Each connects through the same Wi-Fi network.
Whoever has access to that network has, in principle, a route to all of them.
Consider what those devices reveal:
π A security camera covers the driveway and the front of the house.
πͺ A doorbell logs every visitor and when they arrive.
π£ A smart speaker picks up ambient conversation.
π A thermostat records when the property is occupied and when it is not.
πΆ A baby monitor, in the wrong hands, becomes a listening device in a child’s room.
This is what Israeli intelligence understood about Tehran’s traffic cameras.
It is what motivates adversaries to understand about private households β including yours.
π The Access Nobody Revoked
Think about who has been given the Wi-Fi password in the past two years.
β’ The housekeeper
β’ The estate manager, who has since left
β’ The contractor spent a fortnight on the new kitchen
β’ The nanny
β’ The ex-partner
β’ The business associate who stayed for a weekend
Every one of them had legitimate access at the time.
Unless the password has been changed, every one of them still has it.
That access does not expire on its own.
And it does not need to be the person themselves who exploits it β they may simply have passed it on, knowingly or otherwise, to someone with a reason to want it.
Another category of access is worth considering as well.
Broadband providers routinely retain remote administrative access to home routers for maintenance and diagnostics.
Most customers are unaware that this exists.
For a private individual whose home movements, family schedule, and security configuration are sensitive, “probably fine” is not an acceptable standard.
π What To Do About It
None of this requires a dramatic response.
It requires a methodical one.
π Change the Wi-Fi password now.
Do it again every six months, and immediately whenever anyone who had access to the network β staff, contractors, a former partner β leaves the household or the business.
Here is how to do it for the most common UK providers:
Sky – Connect to your Sky Wi-Fi, type 192.168.0.1 into your browser, log in with the password on the back of your router, and update the Network Key.
BT – Connect to your BT Wi-Fi, type 192.168.1.254 into your browser, go to Settings or Advanced Settings depending on your Hub model, navigate to Wireless, and change the Security password.
Virgin Media – Connect to your Virgin Wi-Fi, type 192.168.0.1 into your browser, sign in with the Settings Password on the base of your Hub, and update under Admin.
TalkTalk – Connect to your TalkTalk Wi-Fi, type 192.168.1.1 into your browser, and log in with the details on the back of your router.
If you are unsure which router you have or cannot locate the login details, your provider’s help section will walk you through it.
β± It takes less than ten minutes.
There is no good reason not to do it today.
π‘ Create a separate guest network
Create a separate guest network for visitors, contractors, and temporary staff.
Most modern routers allow this with no technical knowledge required.
Devices on the guest network cannot communicate with devices on the main network.
If that access is later misused, the exposure is contained.
π Audit what is connected
Log in to your router and look at the list of connected devices.
Most people find things they had forgotten about β and occasionally something they do not recognise at all.
π§ Ask your broadband provider about remote access
Ask your broadband provider what remote access they hold and under what circumstances they use it.
A reputable provider will answer this question clearly.
For households where privacy is a genuine concern, consider whether a business-grade router with stronger access controls is appropriate.
β οΈ The Lesson
The lesson from Tehran is not that we are all targets of intelligence agencies.
It is simpler than that.
Networked systems are only as secure as the open access points.
In a government compound, it was a camera feed nobody had properly locked down.
In a private home, it is more likely to be a password that has not been changed since the last housekeeper handed in her keys.
The adversaries my clients face do not need to be as capable as Mossad.
They just need access to something someone else forgot to close.
π If You Are Not Sure What Is Already Visible
If you are not certain what is already publicly accessible about you and your family β your home address, your routines, your connections β that uncertainty is worth resolving before something forces your hand.
The Defuse Global Digital Exposure Assessment maps exactly what is out there and what someone with hostile intent could do with it.
You receive:
β A detailed written report
β A personal briefing
β A prioritised action plan within 72 hours
Clarity is always better when it comes before pressure, not because of it.
π© Begin a confidential conversation at
www.defuseglobal.com/digital-exposure-assessment
π§ [email protected]
π +44 (0)207 293 0932
Philip Grindell CSyP is the founder and CEO of Defuse Global, advising prominent individuals, family offices, and private client advisers on physical, psychological, and reputational risk.
