Hackers Gained Access to 150,000 IP Cameras Inside Hospitals, Police Departments, Prisons, Schools, and Companies like Tesla & Equinox

By : Nata Kesuma | Monday, April 05 2021 - 17:25 IWST

Illustration Hackers Gained Access
Illustration Hackers Gained Access

INDUSTRY.co.id - In March 2021, a group of hackers breached a large group of IoT security cameras via a Silicon Valley startup called Verkada.

Hackers gained access to live surveillance camera feeds exposing data and intellectual property at enterprises like Tesla, schools and prisons.

IoT devices are built with little or no security enabling hackers to expose those vulnerabilities and steal important data and intellectual property.

All enterprises need to proactively protect their IoT devices, networks, apps, and cloud services from sophisticated multi-vector Gen V cyber attacks.

Proactively secure your enterprise from the latest IoT cyberattack, so you don’t become the latest IoT security breach statistic.

Breach of IoT Security Cameras with Root Access to Launch More Attacks.

It’s extremely unfortunate to see yet another broad IoT security breach, but this breach is more dangerous that those we have seen recently. As various media outlets have reported including Bloomberg, Verkada, a Silicon Valley startup, suffered a massive IoT cyber-attack.

The hackers were “able to obtain “root” access on the cameras, meaning they could use the cameras to execute their own code on the device.

This enabled them to use the IoT device as a launching point for attacks laterally across the entire enterprise network. This exposed the rest of the enterprise network, devices, applications and cloud services to potential data and intellectual property theft.

With this super user access to the security cameras, the hackers were able to stream live feeds of every Verkada customer’s camera network. What’s scary is that Verkada’s large customer list includes a lot of enterprises like Tesla, public jails, hospitals, and schools.

In addition to the live video feeds, the hackers were able to access all the archived videos which means the entire video library for these organisations was at risk. A simple search on the “Verkada breach” will quickly demonstrate how massive this cyber-attack is, returning results of videos that have been made public through this breach.

Without a quick fix, many of these organisations had to shut down their network of security cameras to prevent unauthorised access.

This was costly, directly impacted their operations, and took their cameras offline increasing the security risk of those facilities. Although an investigation has been kicked off, it doesn’t erase the fact that this attack actually occurred and has raised awareness regarding the importance of IoT security.

How did the IoT Cameras Get Breached?

I think we can all agree that IoT devices bring productivity benefits to the workplace and have become necessary. For example, the surveillance cameras were needed by Verkada customers for security and business purposes.

Unfortunately, IoT devices (like IP cameras, smart TVs, etc.) present a huge attack surface for cybercriminals to easily gain access to your network as they are highly vulnerable and easy to hack into.

The security risk is real as 67% of enterprises and 82% of healthcare organisations have experienced IoT security incidents. IoT device are vulnerable to attack because they:

Having little to no built-in security

Run on Simple or Legacy OS

Use weak, easy-to-guess passwords

Are extremely difficult to patch

IoT devices have unique characteristics depending on the type of device – like the device functionality, unique operating systems, etc.

They also often use proprietary protocols which are often difficult to understand making it hard for IT and network managers to set policies for these devices. What’s even worse is that many of these devices are unmanaged – meaning that although these devices are connected to any given network, it is extremely difficult to control them, view them, and create policies for these devices without a proper solution.

So we’re left with the question…what can we do now to protect ourselves and our networks? 

What Can You Do To Protect Your Organisation?

There are a couple of things we suggest doing immediately:

Partner with an IoT solution provider that can help you discover every IoT device connected to your network, and assess each device’s security risk

Invest in IoT solutions that integrate IoT security into a broader solution that also protects your datacenter, network, mobile, endpoint and cloud.

News Comment

Today's Industry

Minister of Tourism and Creative Economy Sandiaga Uno (19/04/2021).

Selasa, 20 April 2021 - 21:00 WIB

Vaccination Can Rebuild Creative Economy: Tourism Minister

Minister of Tourism and Creative Economy Sandiaga Uno has expressed optimism that vaccination program for creative economy actors will boost productivity and rebuild creative economy sector.

President Jokowi inspecting vaccination for artists and cultural practitioners accompanied,(Photo: Bureau of Press, Media, and Information of Presidential Secretariat/Lukas

Selasa, 20 April 2021 - 20:40 WIB

Health Minister: Stay Vigilant, Disciplined in Observing Health Protocols

Minister of Health Budi Gunadi Sadikin Monday (19/04) inspected vaccination for artists and cultural practitioners at the Indonesia National Gallery in Central Jakarta along with President Joko…

President Jokowi chairs a Limited Meeting on Handling of COVID-19 Pandemic ahead of Eid Al-Fitr 1442 Hijri, at the Merdeka Palace, Jakarta, Monday (19/4). (Photo by: PR of Cabinet Secretariat/Agung)

Selasa, 20 April 2021 - 20:05 WIB

Gov’t to Boost Community Economy through Religious Festivity Allowance, Social Protection

The Government has announced that it will continue to maintain the balance of COVID-19 handling and national economic recovery, including during the holy month of Ramadan and Eid Al-Fitr 1442…

Minister of Health Budi G. Sadikin (19/04/2021). (Photo by: PR of Cabinet Secretariat/Agung)

Selasa, 20 April 2021 - 19:55 WIB

Despite Vaccination, Stay Disciplined in Observing Health Protocols: Health Minister

Indonesia can learn from India on why the number of COVID-19 cases is rising despite successful vaccination there, according to Minister of Health Budi G. Sadikin.

Coordinating Minister for Economic Affairs Airlangga Hartarto, accompanied by Minister of Religious Affairs Yaqut Cholil Qoumas and Minister of Health Budi G. Sadikin

Selasa, 20 April 2021 - 19:15 WIB

Gov’t Extends Micro-Scale Restrictions to 3 May

The activity restrictions (PPKM) and micro-based activity restrictions (PPKM Mikro) policies that have been implemented since last January have been effective in controlling the spread of COVID-19,…