150,000 security cameras, this time – belonging to Verkada, were exposed in the most recent security breach. This should come to us as no surprise and is a sign of more to come. An international hacker group obtained access to the cameras and their footage, including visibility into companies such as Tesla and Cloudflare as well as hospitals, jails, schools and private homes. The hacker group claims to have done this for exposing how those cameras violate individual privacy as Verkada’s equipment allows searching for people based on traits such as gender and t-shirt color. The group claims to easily gain root access to the cameras. By doing so the hackers could use the cameras to execute their own code and spread throughout the network.
What can be done?
Once published – we added Verkada’s devices to our suspicious device blacklists. Meaning that suspicious devices mitigation rules will alert and mitigate those devices upon request. We are paying close attention as this breach unfolds and will remove Verkada from our suspicious device blacklist if we see the remediation has been successful (Verkada already claimed to fix it, we are just taking an extra precaution). We are also happy to say that we made sure that none of our clients has any Verkada cameras installed so it seems like everyone is in the clear at the moment.
Just to jog your memory
Only a few months before the current event – hackers gained access to numerous home cams in Singapore causing quite the commotion.