Verkada security-camera hack hits Telsa, Cloudfare
Enterprises choosing cloud-based camera services should double down on security plans. Malicious attackers undertook a massive breach of Verkada security cameras found on various Tesla and Cloudfare sites, as well as in prisons, schools, and hospitals.
An international malicious group is reportedly behind the hack, which has allegedly ideological aims. One of the attackers, Tillie Kottmann, said that the goal of the breach was to fight for “freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism … and it’s also just too much fun not to do it.”
Kottmann and other malicious attackers obtained access to full video archives of all Verkada customers, with footage being leaked online of security cameras inside the Madison County Jail in Huntsville, Alabama, luxury gym chain Equinox, and at Wadley Regional Medical Center, a hospital in Texarkana, Texas, among other locations.
Footage of Telsa’s Shanghai factory was also published online, with transport start-up Virgin Hyperloop saying it too was subject to exposure from this hack.
The group obtained access through a so-called super admin account after obtaining login details of a Verkada administrator account that was posted online.
Following the incident, the malicious attackers reportedly lost access to the cameras and video archives.
“We have disabled all internal administrator accounts to prevent any unauthorized access. Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement,” a Verkada spokesperson said.
Revoking Access an Ineffective Counterstrategy
The attack is clear proof that, while firms such as Tesla and Equinox have used real-time data from surveillance cameras, privacy breaches are a likely downside– although the scale of such an attack likely wasn’t expected. Organizations need to better secure their infrastructure through proactive security-by-design principles and rigorous password management.
To read the complete article, visit IoT World Today.