If I were lying in an ICU bed, I know I wouldn’t want a camera on me. The inappropriate deployment of camerasīy providing a window into video surveillance systems across a wide range of institutions, the Verkada hack reveals how some of those institutions deploy cameras in inappropriate or unethical ways. Other companies offering similar services have also granted such access, including Google, Microsoft, Apple, and Facebook.ģ. Ring, the Amazon-owned doorbell camera company, gave workers access to every Ring camera in the world together with customer details. Unfortunately, such centralized access to surveillance feeds by vendors is hardly surprising. One former executive told Bloomberg that such access extended to sales staff and “20-year-old interns.” It’s unclear how many (if any) of Verkada’s customers knew about this centralized access, though if any did, they weren’t notified when it was happening - and it’s pretty likely they didn’t expect it to be so casually used. Bloomberg and IPVM reported that the use of these Super Admin accounts was widespread within Verkada, with more than 100 employees having access. The very existence of such an account is a scandal in itself. The intruders gained access through a pre-existing Verkada “Super Admin” account that let employees watch video from any of the company’s cameras. But this breach is certainly a reminder of that third vulnerability. We don’t know of any government intrusion here - though any collection of sensitive data is vulnerable to domestic or foreign governments through legal or other processes. Internet-connected devices are vulnerable to three broad categories of privacy invasion: hackers, the government, and the companies that make the devices.
That’s because good cybersecurity is expensive, and with the occasional exception of a few days’ bad headlines, the consequences of failure typically fall on others, rather than on the company. Many companies, especially less established ones, don’t make cybersecurity a priority.
To protect it, your defenses have to be perfect, while an attacker only needs to find one way to succeed - one weak password, one unpatched vulnerability, or one gullible worker. The bottom line is that it’s simply easier to attack an online asset than to defend it. The hackers reported accessing not just live video but also videos customers had saved to the cloud - in other words, onto Verkada’s servers.ĭigital security is difficult. In this case, the hackers reported that they were able to watch video showing such things as a man struggling with staffers inside a psychiatric hospital, a man being interrogated in a police station, patients in a hospital intensive care unit, and a family doing a puzzle inside their home. We have previously warned people who are considering buying a doorbell camera or other internet-connected camera for their home - or other kinds of “Internet of Things” devices - that they are susceptible to hackers. And you are making the privacy of anybody recorded by that camera vulnerable. When you hook up a camera to the internet, you are making it vulnerable. What does this breach tell us about the state of security today? While the story has many dimensions, it offers four principal reminders about surveillance, video, and internet-connected devices. Because the company streams video to a centralized source (its servers) to provide these services, the hackers were able to access not just a few cameras here and there, but a vast number of video feeds.
The company, Verkada, does not merely sell security cameras it also provides a variety of surveillance services to its clients, including cloud storage of video footage and remote access to camera feeds on smartphones or other devices. Some of the video footage - showing patients in their hospital rooms, for example - was extremely privacy-violating. We learned last week that a group of hackers gained access to cameras installed by a surveillance camera company, and said they were able to access live feeds from 150,000 cameras inside schools, hospitals, gyms, police stations, prisons, offices, and women’s health clinics.
0 kommentar(er)
