Freely subscribe to our NEWSLETTER

The administrator account was found publicly available on the internet and allowed hackers to gain access to live feeds, video archives and other confidential information like Verkada’s balance sheet. The comment below from Kyle Walker, Cybersecurity Regional Manager at A&O IT Group.

“The fact that it was this easy for a hacking group to get into Verkadas systems is frightening and the hacker group’s intention was to expose these sorts of vulnerabilities in the first place.

I do not think that people are always aware how exactly we are exposed through surveillance companies like Verkada, we know that there is someone on the other side watching, but what about those that think these feeds are private to the outside world?

Another disturbing fact of this breach is that the hacking group was able to execute additional code on the cameras themselves, opening the opportunity for them to gain further access into Verkada’s client network. They did not have to do any sophisticated hacking for this to happen as it was a feature in the cameras themselves. The entire breach was very unsophisticated in that all the hacker’s needed was a privileged account that was already exposed on the internet.
From the cameras feeds that were access, hackers were able to see live video feeds from within Tesla’s manufacturing plant in China, access prison and police surveillance systems as well as schools and hospitals. This is a large breach and the kind of data that Verkada was entrusted to may have just as well been left on the internet for everyone to see.”