Here are a couple of articles about some research from HD Moore into IP-based video systems. In a nutshell, the research shows that many video systems are set up in a non-secure (default) way, likely and expected, since the idea is that these systems should be easy to use and accessible. The video systems admin/web interfaces are often accessible from the Internet and allow cameras to be used to monitor activities in the critical locations (board rooms) where the video systems are used. Additional research discusses accessing the systems via H.323 (use of SIP is possible too). I will try to comment more on this later.
Note that we have also seen video systems exploited, for the purpose of making outbound calls on legacy PRI trunks. I will cover that in another post.