F-Secure comments on Verkada security company was hacked
March 2021 by Thierry Decroix, Global Head of Product Security at F-Secure
Following the news that Verkada security company was hacked, Thierry Decroix, Global Head of Product Security at F-Secure comments the following:
"Networked IP cameras are notorious for their limited technical security and aren’t made to withstand the modern threat landscape. Poor security practices can lead to extensive breaches as demonstrated by how easy this threat actor was able to gain access to all cameras by finding the Super Admin account password on the internet through OSINT means.
Inadequate security protocols can also mean vulnerabilities allow attackers to do pretty much whatever, performing malicious activity inside the network and outside, against other parties. It’s therefore important that any organisation purchasing technology products like this considers assessing their security standards before deployment, to adequately understand the risk they are exposing themselves to and allow necessary mitigations or secure alternatives to be put in place prior to roll-out.
For vendors that are creating and selling technology products of any kind, this incident demonstrates the importance of proper security reviews during the product engineering process and of adhering to security best practices, which are no longer optional in 2021".