WE HAVE A LOT TO SAY

Internet of Things (IoT) appeals to us with promises of convenience and visions of the future, and more often than not, it delivers. However, hackers never tire of exposing the vulnerabilities and negligence of some IoT providers who capitalize on the trend at the expense of their customers’ privacy and reputations. 

A warning came last week when an international hacker collective gained root access to Varkada Inc.’s security cameras with a Super Admin login and password they, reportedly, found on the web. The hack exposed over 150,000 live feeds, video archives from all of Verkada’s customers, as well as the entire list of thousands of Verkada customers and the company’s balance sheet. Shortly after Bloomberg contacted Verkada, the hackers lost access, indicating that the passwords have been changed.

Among the clients of the enterprise video security start-up Verkada Inc. whose feeds were compromised during the breach are the likes of an electric carmaker Tesla Inc., software provider Cloudflare Inc., a chain of luxury gyms Equinox, Halifax Health hospital in Florida, Tempe St. Luke’s Hospital in Arizona, Wadley Regional Medical Center in Texas, a police station in Stoughton, Mass., Graham County detention facility in Arizona, Sandy Hook Elementary School in Newtown, Conn., Madison County Jail in Huntsville, Ala., and many more. Additionally, hacker got a peak into the homes of some of Verkada’s employees who have installed cameras in their houses. 

Verkada advertises several features that let customers search and filter subjects by gender, clothing color, facial features, and more. The breach showed these being used in multiple locations, including hospitals and detention facilities where hidden cameras track inmates and staff. 

According to a statement from Tillie Kottmann, one of the hackers from Switzerland who took responsibility for the breach, the hack “exposes just how broadly we’re being surveilled, and how little care is put into at least securing the platforms used to do so, pursuing nothing but profit.” 

Verkada Inc., who advertises its services as “Secure By Default” on its website, has raised $80 million in venture capital funding from Silicon Valley investors including Sequoia Capital in January 2020, which put its valuation at $1.6 billion. The company came under scrutiny in October 2020 when three employees were fired after using company’s security equipment to spy on their female colleagues. 

This security camera breach happens amidst a rising tide of high-profile cyberattacks. For businesses of all sizes, including SMBs, this means the need to be more vigilant and critical in choosing their IT providers. Remember to always: 

• Secure your password: don’t share them in digital communications or write them in any visible spots
• Enable multifactor authentication
• Do your due diligence on all external IT partners you are bringing on board.

With the growing reliance on IT and smart tech for day-to-day business continuity, it is important to ensure security is proactively practiced not only in your own company, but also by all your technology partners.