Hackers Gained Access to 150,000 IP Cameras Inside Hospitals, Police Departments, Prisons, Schools, and Companies like Tesla & Equinox

By : Nata Kesuma | Monday, April 05 2021 - 17:25 IWST

Illustration Hackers Gained Access

INDUSTRY.co.id - In March 2021, a group of hackers breached a large group of IoT security cameras via a Silicon Valley startup called Verkada.

Hackers gained access to live surveillance camera feeds exposing data and intellectual property at enterprises like Tesla, schools and prisons.

IoT devices are built with little or no security enabling hackers to expose those vulnerabilities and steal important data and intellectual property.

All enterprises need to proactively protect their IoT devices, networks, apps, and cloud services from sophisticated multi-vector Gen V cyber attacks.

Proactively secure your enterprise from the latest IoT cyberattack, so you don’t become the latest IoT security breach statistic.

Breach of IoT Security Cameras with Root Access to Launch More Attacks.

It’s extremely unfortunate to see yet another broad IoT security breach, but this breach is more dangerous that those we have seen recently. As various media outlets have reported including Bloomberg, Verkada, a Silicon Valley startup, suffered a massive IoT cyber-attack.

The hackers were “able to obtain “root” access on the cameras, meaning they could use the cameras to execute their own code on the device.

This enabled them to use the IoT device as a launching point for attacks laterally across the entire enterprise network. This exposed the rest of the enterprise network, devices, applications and cloud services to potential data and intellectual property theft.

With this super user access to the security cameras, the hackers were able to stream live feeds of every Verkada customer’s camera network. What’s scary is that Verkada’s large customer list includes a lot of enterprises like Tesla, public jails, hospitals, and schools.

In addition to the live video feeds, the hackers were able to access all the archived videos which means the entire video library for these organisations was at risk. A simple search on the “Verkada breach” will quickly demonstrate how massive this cyber-attack is, returning results of videos that have been made public through this breach.

Without a quick fix, many of these organisations had to shut down their network of security cameras to prevent unauthorised access.

This was costly, directly impacted their operations, and took their cameras offline increasing the security risk of those facilities. Although an investigation has been kicked off, it doesn’t erase the fact that this attack actually occurred and has raised awareness regarding the importance of IoT security.

How did the IoT Cameras Get Breached?

I think we can all agree that IoT devices bring productivity benefits to the workplace and have become necessary. For example, the surveillance cameras were needed by Verkada customers for security and business purposes.

Unfortunately, IoT devices (like IP cameras, smart TVs, etc.) present a huge attack surface for cybercriminals to easily gain access to your network as they are highly vulnerable and easy to hack into.

The security risk is real as 67% of enterprises and 82% of healthcare organisations have experienced IoT security incidents. IoT device are vulnerable to attack because they:

Having little to no built-in security

Run on Simple or Legacy OS

Use weak, easy-to-guess passwords

Are extremely difficult to patch

IoT devices have unique characteristics depending on the type of device – like the device functionality, unique operating systems, etc.

They also often use proprietary protocols which are often difficult to understand making it hard for IT and network managers to set policies for these devices. What’s even worse is that many of these devices are unmanaged – meaning that although these devices are connected to any given network, it is extremely difficult to control them, view them, and create policies for these devices without a proper solution.

So we’re left with the question…what can we do now to protect ourselves and our networks?

What Can You Do To Protect Your Organisation?

There are a couple of things we suggest doing immediately:

Partner with an IoT solution provider that can help you discover every IoT device connected to your network, and assess each device’s security risk

Invest in IoT solutions that integrate IoT security into a broader solution that also protects your datacenter, network, mobile, endpoint and cloud.