Verkada Security Camera Hack Hits Tesla, Cloudflare

A cloud-based security camera firm was hit with a massive hack. Experts have likened the breach to the recent SolarWinds security event.
  • Written by Ben Wodecki and Lauren Horwitz
  • 15th March 2021

Enterprises choosing cloud-based camera services should double down on security plans. Malicious attackers undertook a massive breach of Verkada security cameras found on various Tesla and Cloudflare sites, as well as in prisons, schools, and hospitals.

An international malicious group is reportedly behind the hack, which allegedly has ideological aims. One of the attackers, Tillie Kottmann, said that the goal of the breach was to fight for “freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism … and it’s also just too much fun not to do it.”

Kottmann and other malicious attackers obtained access to full video archives of all Verkada customers, with footage being leaked online of security cameras inside the Madison County Jail in Huntsville, Alabama, luxury gym chain Equinox, and at Wadley Regional Medical Center, a hospital in Texarkana, Texas, among other locations.

Footage of Tesla’s Shanghai factory was also published online, with transport start-up Virgin Hyperloop saying it too was subject to exposure from this hack.

The group obtained access through a so-called super admin account after obtaining login details of a Verkada administrator account that was posted online.

Following the incident, the malicious attackers reportedly lost access to the cameras and video archives.

“We have disabled all internal administrator accounts to prevent any unauthorized access. Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement,” a Verkada spokesperson said.

Revoking Access an Ineffective Counterstrategy

The attack is clear proof that while firms such as Tesla and Equinox have used real-time data from surveillance cameras, privacy breaches are a likely downside, although the scale of such an attack likely wasn’t expected. Organizations need to better secure their infrastructure through proactive security-by-design principles and rigorous password management.

Synopsys CyRC principal security strategist Tim Mackey noted that while Verkada was able to revoke the attackers’ access, that doesn’t mean that remote monitoring was disabled – only that the previous credentials were invalidated.

Mackey said, “Operators of Verkada cameras should reflash each camera with a known good copy of the firmware, as well as look for any indications of compromise on monitoring systems.”

“They then should ensure that the camera network is isolated from the internet, or if that isn’t possible, implement firewall protections to ensure that remote access only occurs from known locations over expected ports.”

Verkada Incident Likened to SolarWinds Breach

Companies should ensure that their own house is as secure as possible, with access denied to unwanted applications and commonsense controls such as authentication being implemented, said Threatlocker CEO Danny Jenkins.

Jenkins likened the Verkada breach to the recent SolarWinds breach, where apparent bad actors based in Russia obtained access to the software firm to spy on firms such as FireEye as well as several U.S. government departments.

This breach, however, was enabled by the lack of in-house security control, and then compounded by less-than-ideal controls in place to stop the attackers from accessing the cameras, Jenkins said.

“We see this over and over again. If Verkada’s own internal infrastructure is compromised, it is likely that these controls could be disabled. If you take a corporate network that does not have good security in place, something as simple as an email to an unsuspecting user could allow a database of all cameras to be stolen,” he added.

This is also yet another wakeup call for companies that rely on Internet of Things-enabled technologies that their own security is intrinsically tied to the security of their technology providers. Other such events have been similar reminders.

Growing Market Where Security Is an Afterthought

Forrester analyst Allie Mellen warned that personal information can easily be inferred by watching someone on video and agreed that the hack could have been avoided. Had the administrator’s username and password not been exposed online, the hackers would not have gained access to the system.

“Third party security software reviews are critical in order to verify that the products and services organizations work with address security as much as they do. Otherwise, they will be left with a security blind spot,” Mellen said.

Mellen said that digitally connected home and enterprise security video systems are growing in popularity due to their ease of use. But with proliferation comes exposure, as she added that surveillance measures need to be kept to a minimum and that any recordings need to be properly handled and destroyed as soon as possible to avoid potential breaches.

But even as such surveillance systems grow in popularity, security appears to be an afterthought in many of the world’s surveillance cameras, Cybereason chief security officer Sam Curry said.

He suggested there are more than surveillance cameras in use around the world. The video surveillance market is expected to be worth $44 billion by 2025 according to, with five billion cameras expected to be deployed by 2027, according to a Reportlinker.com report.

The hack is a reminder of how vast the threat landscape is for the video surveillance market, Curry added.

Given their prevalence and growing use, it’s important to understand security risks posed by IoT cameras, said Nozomi Networks co-founder Andrea Carcano.

Failure to undertake measures to prevent similar unauthorized access could result in privacy, confidentiality, and business harms, she reminded.
