Verkada Security Breach Grants Hackers Superuser Access To Cameras

By Bill Jones, Enterprise Architect

On 09 March 2021, Blomberg news reported a security breech involving enterprise security camera start-up Verkada. A group of hackers calling themselves Advanced Persistent Threat 69420 is claiming responsibility for the breech.

According to the report, the hackers obtained access to a superuser password for the Verkada systems, which granted them access to 150,000 cameras and, in many cases, archived video footage from those locations. In some cases, the hackers were even able to change the angle of the cameras.

The breech includes corporations (like Tesla, Cloudfare, and Verkada’s own offices), hospitals, gyms, correctional facilities, and even the home of one Verkada employee. 

Eva Galperin, Director of Cybersecurity at the Electronic Frontier Foundation, points out, “If you are a company who has purchased this network of cameras and you are putting them in sensitive places, you may not have the expectation that in addition to being watched by your security team that there is some admin at the camera company who is also watching.” 

Dasher Engineering recommends either unplugging the cameras until a fix is validated or moving them to a VLAN/network where they only have outbound internet access (no access to internal resources).

Verkada has made a statement that can be found here:  https://www.verkada.com/security-update/

Please see the original Bloomberg article for additional details. You can find it here.

This post is powered by Mix Digital Marketing