Hackers Gained Access to 150,000 IP Cameras Inside Hospitals, Police Departments, Prisons, Schools, and Companies like Tesla & Equinox

By : Nata Kesuma | Monday, April 05 2021 - 17:25 IWST

Illustration Hackers Gained Access
Illustration Hackers Gained Access

INDUSTRY.co.id - In March 2021, a group of hackers breached a large group of IoT security cameras via a Silicon Valley startup called Verkada.

Hackers gained access to live surveillance camera feeds exposing data and intellectual property at enterprises like Tesla, schools and prisons.

IoT devices are built with little or no security enabling hackers to expose those vulnerabilities and steal important data and intellectual property.

All enterprises need to proactively protect their IoT devices, networks, apps, and cloud services from sophisticated multi-vector Gen V cyber attacks.

Proactively secure your enterprise from the latest IoT cyberattack, so you don’t become the latest IoT security breach statistic.

Breach of IoT Security Cameras with Root Access to Launch More Attacks.

It’s extremely unfortunate to see yet another broad IoT security breach, but this breach is more dangerous that those we have seen recently. As various media outlets have reported including Bloomberg, Verkada, a Silicon Valley startup, suffered a massive IoT cyber-attack.

The hackers were “able to obtain “root” access on the cameras, meaning they could use the cameras to execute their own code on the device.

This enabled them to use the IoT device as a launching point for attacks laterally across the entire enterprise network. This exposed the rest of the enterprise network, devices, applications and cloud services to potential data and intellectual property theft.

With this super user access to the security cameras, the hackers were able to stream live feeds of every Verkada customer’s camera network. What’s scary is that Verkada’s large customer list includes a lot of enterprises like Tesla, public jails, hospitals, and schools.

In addition to the live video feeds, the hackers were able to access all the archived videos which means the entire video library for these organisations was at risk. A simple search on the “Verkada breach” will quickly demonstrate how massive this cyber-attack is, returning results of videos that have been made public through this breach.

Without a quick fix, many of these organisations had to shut down their network of security cameras to prevent unauthorised access.

This was costly, directly impacted their operations, and took their cameras offline increasing the security risk of those facilities. Although an investigation has been kicked off, it doesn’t erase the fact that this attack actually occurred and has raised awareness regarding the importance of IoT security.

How did the IoT Cameras Get Breached?

I think we can all agree that IoT devices bring productivity benefits to the workplace and have become necessary. For example, the surveillance cameras were needed by Verkada customers for security and business purposes.

Unfortunately, IoT devices (like IP cameras, smart TVs, etc.) present a huge attack surface for cybercriminals to easily gain access to your network as they are highly vulnerable and easy to hack into.

The security risk is real as 67% of enterprises and 82% of healthcare organisations have experienced IoT security incidents. IoT device are vulnerable to attack because they:

Having little to no built-in security

Run on Simple or Legacy OS

Use weak, easy-to-guess passwords

Are extremely difficult to patch

IoT devices have unique characteristics depending on the type of device – like the device functionality, unique operating systems, etc.

They also often use proprietary protocols which are often difficult to understand making it hard for IT and network managers to set policies for these devices. What’s even worse is that many of these devices are unmanaged – meaning that although these devices are connected to any given network, it is extremely difficult to control them, view them, and create policies for these devices without a proper solution.

So we’re left with the question…what can we do now to protect ourselves and our networks? 

What Can You Do To Protect Your Organisation?

There are a couple of things we suggest doing immediately:

Partner with an IoT solution provider that can help you discover every IoT device connected to your network, and assess each device’s security risk

Invest in IoT solutions that integrate IoT security into a broader solution that also protects your datacenter, network, mobile, endpoint and cloud.

News Comment

Today's Industry

President Jokowi inspects vaccination for students at State Vocational High School SMKN 1 Beringin, Deli Serdang regency, Thursday (16/9). (Photo by: Presidential Secretariat/Laily Rachev)

Senin, 20 September 2021 - 13:05 WIB

President Jokowi Lauds Students’ Enthusiasm for In-Person Learning

President Joko “Jokowi” Widodo inspected COVID-19 vaccination for students at Vocational High School SMKN 1 Beringin, Deli Serdang regency, North Sumatra, Thursday (16/9).

Vice President Ma’ruf Amin (Photo: BPMI)

Senin, 20 September 2021 - 12:15 WIB

VP Calls for Public Collaboration to Combat Drugs Abuse

Vice President Ma’ruf Amin has urged the nation to join hands and participate in a joint effort to eradicate drug abuse.

President Jokowi on his inspection of door-to-door vaccination at Panampaan village, Harjamukti district, Cirebon city, Tuesday (31/08). (Photo by: BPMI/Muchlis Jr)

Senin, 20 September 2021 - 11:08 WIB

President Jokowi in Aceh to Inspect Door-to-Door COVID-19 Vaccination

President Joko “Jokowi” Widodo started his working visit in the provinces of Aceh and North Sumatra by inspecting the door-to-door COVID-19 mass-vaccination in Aceh Besar regency.

Hypertherm, a U.S. based manufacturer of industrial cutting systems and software.

Rabu, 15 September 2021 - 20:15 WIB

Hypertherm Introduces Three New Plasma Systems With Built-in Intelligence and a Revolutionary Single-Piece Cartridge Consumable

Hypertherm, a U.S. based manufacturer of industrial cutting systems and software, today announced three new air plasma systems called Powermax SYNC™. Featuring built-in intelligence and a…

The Pacific Asia Travel Association (PATA)

Rabu, 15 September 2021 - 19:44 WIB

PATA launches Virtual PATA Wellness and Luxury Travel Conference and Mart 2021 in October

The Pacific Asia Travel Association (PATA) is pleased to announce the launch of the Virtual PATA Wellness and Luxury Travel Conference and Mart 2021, taking place from October 20-22.