Breach of security start-up Verkada reportedly exposes 150,000 cameras
11 March, 2021
Several hackers reportedly breached more than 150,000 security camera systems of California-based start-up Verkada, exposing the live feed of companies including electric vehicle maker Tesla and software provider Cloudflare, according to Bloomberg.
The hack was completed to reveal the vulnerabilities that exist in video surveillance devices, Swiss engineer and security researcher Tillie Kottmann, one of the hackers who took responsibility for the breach, said.
The hacktivist group said it were able to discover a user name and password for an administrator account on the web, which allowed them unlawful access to Verkada’s camera footages.
The hackers claimed to have accessed feeds from 222 cameras installed in Tesla’s factories and warehouses in the US and China,17 cameras in Graham County detention centre in Arizona and 330 security camera systems in the Madison County Jail in Alabama amongst others. The group was reportedly able to access feed from schools and hospitals aswell.
“We've disabled all internal administrator accounts to avoid any unauthorised access … our internal security team and external security firm are investigating the scale and scope of the issue, and we've notified police,” Verkada said in a statement provided to Bloomberg.
Verkada and Mr Kottmann didn't respond immediately to The National's obtain comment.
This is not the 1st time that Mr Kottmann has revealed loopholes within major companies. In January, he highlighted flaws in the foundation code for Nissan North America’s internal mobile apps. In August, Mr Kottmann exposed the leak of more than 20 gigabytes of proprietary data from America's biggest chip maker Intel.
Founded in 2016, Verkada was valued at $1.6 billion after securing $80 million in a string C financing round in January last year. Its investors include Next47, Sequoia Capital, Meritech Capital and Felicis Ventures.
The upsurge in cyber threats has resulted in a surge in shelling out for cyber security, which is forecast to go up about 125 % to $363.05 billion by 2025 from 2019, research consultancy Mordor Intelligence said.
The other day, a cyber espionage group Hafnium reportedly exploited tech company Microsoft’s trusted email and calendar Exchange server, breaching more than 30,000 commercial and local government entities in the US.
Cyber security authorities said the latest hack could have been prevented if the vendor’s details weren't exposed on the web.
“Today, there are more than 1 billion surveillance cameras used all over the world and security is an afterthought in many of these, leading to spying and unlawful monitoring of unsuspecting victims,” Sam Curry, chief security officer of Boston-based cyber security firm Cybereason, told The National.
Verkada breach is a reminder how vast the threat landscape is, Mr Curry said.
“This breach has been preventable if the administrator's account weren't exposed on the web.”
Organisations need to consider cyber breaches as “inevitable, not extraordinary”, Ammar Enaya, regional director for Middle East, Turkey and North Africa at San Jose-based Vectra that uses artificial intelligence to find cyber attacks, told The National.
“Cyber security thinking today is evolving … but we have to evolve faster. Lingering faith in faulty protection solutions has cost way too many organisations dearly. The very best response to these attacks is to look at better protective measures,” he added.
Source: www.thenationalnews.com
TAG(s):