Hacktivists breach Verkada and view 150,000 CCTV cams in hospitals, prisons, a Tesla factory, even Cloudflare HQ

A CCTV camera biz which left an admin account username and password exposed on the World Wide Web has, you guessed it, been targeted by hacktivists. Verkada, makers of internet-connected surveillance devices, had around 150,000 cameras and archive footage accessible through its web infrastructure when unauthorised folk went …

  1. b0llchit Silver badge
    FAIL

    They told us it would be great

    This type of story is so typical of the current state of affairs in the "connected" world.

    "Use the cloud" they told us. "It will be great and cheap" they sold us.

    Being a technical type, I can only look with a great deal of cynicism on the current state of security. Constant breaches are the norm and still people think the cloud is so great. Good, Cheap, Secure; pick two, you can't have all three. That has not changed in all these years and it never will. When does management learn? Probably only when they will be made personally responsible.

    1. Paul Crawford Silver badge
      Facepalm

      Re: They told us it would be great

      > Good, Cheap, Secure; pick two, you can't have all three.

      You will be lucky to get one of the three.

    2. Robert Forsyth

      Re: They told us it would be great

      **Fast** Cheap Secure/Reliable

  2. MasterofDisaster

    Not again!

    The irony of course is that Verkada bills itself as the solution to all the other camera vendors being insecure. Maybe they need to reassess having half the company in sales, instead of engineering. Yet another wake-up call for operators of physical security systems (IoT) to get some religion around updating firmware, managing certificates, and more comprehensive password management (i.e. what IT security has been doing for years).

  3. CrackedNoggin

    From an interview with Filip Kaliszan, CEO of Verkada, on Verkada's own website: https://www.verkada.com/blog/verkada-enterprise-security-startup-1-point-6-billion-dollar-valuation/

    Q: What are your retention metrics? What causes people to cease using the service?

    A: For today’s businesses, security is not an option - it’s a necessity. Unless a customer has a compelling reason to switch to another platform, Verkada is exceptionally sticky. That’s due mainly to the nature of our system. With security infrastructure, there’s a significant upfront commitment from the customer: she has invested both in the hardware and the labor to physically install a system throughout her buildings.

  4. Anonymous Coward

    It's all Sh--.

    These camera platforms are all nightmarishly bad.

    Worse, if you try to compete with the crap China is dumping on the market, you'll go bankrupt. Unless you bin and blacklist every camera in the IP era it will never get better. All of these little horrors should only be allowed on an air-gapped network, and have no direct access to the internet.

    But I'm not holding my breath on the current leadership setting any kind of standards for IP cams, so the standard shall remain substandard.

    1. Yet Another Anonymous coward Silver badge

      Re: It's all Sh--.

      > All of these little horrors should only be allowed on an air-gapped network, and have no direct access to the internet.

      Exactly, if I want to see who is at my house while I'm at work I call my in-house security team (who operate from a secret bunker below my fish pond), they connect to the air gapped camera, copy the footage onto 16mm film and after developing it drive it and a projector around to my office.

  5. Keven E
    Paris Hilton

    Cool, man

    "...speek itz branes..."

    This and the use of "hacktivists"...

    ...

    ...whatever.

  6. cyberdemon Silver badge
    Devil

    Verkada

    Such a great name for a CCTV camera monitoring employees' performance :(

    They should Verkada on securing their bloody systems

  7. IGotOut Silver badge

    Nothing new?

    The reg quotes an article from 2016.

    I was doing it with some of the first IP cameras back around 2000.

    A quick Hotbot search (ask your parents, kids) with the relevant URL string. Then you had access to every camera out there. Pan, tilt and zoom all at your fingertips.

    1. gazthejourno (Written by Reg staff)

      Re: Nothing new?

      We're trying to make the place more yoof-friendly. Five years is a long time, yo.

      1. b0llchit Silver badge
        Meh

        Re: Nothing new?

        Five years? You are too optimistic of the current generation's attention span.

        Products older than two years are obsolete and planned to be obsolete. No need to remember them. Soon you will be able to buy your gadgets with a "forget" button so you may get a new one without prejudice.

        1. Chloe Cresswell

          Re: Nothing new?

          "Products older than two years are obsolete and planned to be obsolete" some are planned to be obsolete at launch...

  8. whitepines
    Facepalm

    It's all in the name

    Closed Circuit TV. Not IoT TV. Why was this video even technically accessible outside the organizations that installed this supposed "CCTV" system?

    It's one thing to stream / offload locally encrypted dumps in case something burns down or disappears. It's another thing entirely, and arguably far from CCTV, to have outside contractors / employees able to view your creepy IoT camera network!

    Genuinely curious: Does this trigger any GDPR consequences around use of biometric data against the idiotic afflicted organizations?

  9. Sabot
    FAIL

    DOJ after the wrong people again

    No one indicting Verkada for criminal negligence?


Biting the hand that feeds IT © 1998–2021