Hackers Gained Access to 150,000 IP Cameras Inside Hospitals, Police Departments, Prisons, Schools, and Companies like Tesla & Equinox

By : Nata Kesuma | Monday, April 05 2021 - 17:25 IWST

Illustration Hackers Gained Access
Illustration Hackers Gained Access

INDUSTRY.co.id - In March 2021, a group of hackers breached a large group of IoT security cameras via a Silicon Valley startup called Verkada.

Hackers gained access to live surveillance camera feeds exposing data and intellectual property at enterprises like Tesla, schools and prisons.

IoT devices are built with little or no security enabling hackers to expose those vulnerabilities and steal important data and intellectual property.

All enterprises need to proactively protect their IoT devices, networks, apps, and cloud services from sophisticated multi-vector Gen V cyber attacks.

Proactively secure your enterprise from the latest IoT cyberattack, so you don’t become the latest IoT security breach statistic.

Breach of IoT Security Cameras with Root Access to Launch More Attacks.

It’s extremely unfortunate to see yet another broad IoT security breach, but this breach is more dangerous that those we have seen recently. As various media outlets have reported including Bloomberg, Verkada, a Silicon Valley startup, suffered a massive IoT cyber-attack.

The hackers were “able to obtain “root” access on the cameras, meaning they could use the cameras to execute their own code on the device.

This enabled them to use the IoT device as a launching point for attacks laterally across the entire enterprise network. This exposed the rest of the enterprise network, devices, applications and cloud services to potential data and intellectual property theft.

With this super user access to the security cameras, the hackers were able to stream live feeds of every Verkada customer’s camera network. What’s scary is that Verkada’s large customer list includes a lot of enterprises like Tesla, public jails, hospitals, and schools.

In addition to the live video feeds, the hackers were able to access all the archived videos which means the entire video library for these organisations was at risk. A simple search on the “Verkada breach” will quickly demonstrate how massive this cyber-attack is, returning results of videos that have been made public through this breach.

Without a quick fix, many of these organisations had to shut down their network of security cameras to prevent unauthorised access.

This was costly, directly impacted their operations, and took their cameras offline increasing the security risk of those facilities. Although an investigation has been kicked off, it doesn’t erase the fact that this attack actually occurred and has raised awareness regarding the importance of IoT security.

How did the IoT Cameras Get Breached?

I think we can all agree that IoT devices bring productivity benefits to the workplace and have become necessary. For example, the surveillance cameras were needed by Verkada customers for security and business purposes.

Unfortunately, IoT devices (like IP cameras, smart TVs, etc.) present a huge attack surface for cybercriminals to easily gain access to your network as they are highly vulnerable and easy to hack into.

The security risk is real as 67% of enterprises and 82% of healthcare organisations have experienced IoT security incidents. IoT device are vulnerable to attack because they:

Having little to no built-in security

Run on Simple or Legacy OS

Use weak, easy-to-guess passwords

Are extremely difficult to patch

IoT devices have unique characteristics depending on the type of device – like the device functionality, unique operating systems, etc.

They also often use proprietary protocols which are often difficult to understand making it hard for IT and network managers to set policies for these devices. What’s even worse is that many of these devices are unmanaged – meaning that although these devices are connected to any given network, it is extremely difficult to control them, view them, and create policies for these devices without a proper solution.

So we’re left with the question…what can we do now to protect ourselves and our networks? 

What Can You Do To Protect Your Organisation?

There are a couple of things we suggest doing immediately:

Partner with an IoT solution provider that can help you discover every IoT device connected to your network, and assess each device’s security risk

Invest in IoT solutions that integrate IoT security into a broader solution that also protects your datacenter, network, mobile, endpoint and cloud.

News Comment

Today's Industry

President Joko “Jokowi” Widodo Wednesday (16/06) inspected mass COVID-19 vaccination for workers in financial service sector held at Tennis Indoor Senayan, Jakarta

Kamis, 17 Juni 2021 - 20:10 WIB

President Jokowi Inspects Mass COVID-19 Vaccination for Workers in Financial Sector

President Joko “Jokowi” Widodo Wednesday (16/06) inspected mass COVID-19 vaccination for workers in financial service sector held at Tennis Indoor Senayan, Jakarta.

Minister of Manpower Ida Fauziyah delivered a statement in the Presidential Office, Monday, (10/8). Photo by: BPMI

Kamis, 17 Juni 2021 - 19:00 WIB

Manpower Minister Tells Companies to Reinforce Health Protocols

Companies must continue to enforce strict health protocols in the workplace, particularly amidst the recent spike in COVID-19 cases in several regions, Minister of Manpower Ida Fauziyah has…

President Jokowi inaugurates Indonesia’s Export Release to the Global Market online at Bogor Presidential Palace, West Java (04/12/2020). (Photo by: Press Media and Information Bureau of Presidential Secretariat/Lukman)

Kamis, 17 Juni 2021 - 17:55 WIB

Indonesia Reports Upward Trend Economic Recovery

The Government has announced that Indonesia economic recovery will continue in line with the positive trend of exports and imports. For the record, Indonesia’s exports in May 2021 reached…

International Labour Organization (ILO)

Kamis, 17 Juni 2021 - 16:20 WIB

Indonesia Elected Member of ILO Governing Body

Indonesia has been chosen as a regular member of the Governing Body (GB) of the International Labour Organization (ILO) for the 2021-2024 period and will represent the Asia Pacific region along…

Minister of Home Affairs Tito Karnavian. Photo by: PR of Cabinet Secretariat

Kamis, 17 Juni 2021 - 15:40 WIB

Gov’t Extends Micro-Scale Restrictions to 28 June

The Government has decided to extend the implementation of Micro-Scale Activity Restrictions (PPKM Mikro) from 15 June to 28 June 2021.