> The hackers’ methods were unsophisticated: they gained access to Verkada through a “Super Admin” account, allowing them to peer into the cameras of all of its customers. Kottmann says they found a user name and password for an administrator account publicly exposed on the internet.<p>So you're telling me that the interface that grants you access to ALL of your customers' (including hospitals and schools) data and <i>shells</i> to the cameras doesn't even require 2FA? W...w-what?
As someone who spends a fair few weeks a year in hospital, the idea of internal hospital security cameras being connected to the internet at all is absolutely fucking horrifying. It's people at their most vulnerable, and FTA it says it was even cameras aimed at the beds, not just hallways and public areas.<p>The fact that ANY internet-connected camera system can be considered HIPAA compliant is ridiculous. Anyone who's had any exposure to the internet in the last 20 years has seen dozens of stories of cloud-connected cameras being exposed online... baby cameras, security cameras, etc. Combine that with the number of big hacks increasing, and the idea of any internet-connected camera being "secure/private" should basically be laughed at.<p>What will happen? Nothing. The hackers will be blamed, not the managers/executives who thought this was a good idea in the first place, or the multiple tiers of people who are responsible for security in these companies.
Cloud enabled cameras that I don't fully control are concerning to me. My guess is we will be seeing more of these types of breaches in the future.
This is why you don't have cameras unless you've got a <i>specific</i> reason to.<p>However, nobody important in those companies is going to jail for a breach like this, so nothing will change.
This is neat, but the whole "End Surveillance Capitalism" seems like a pretty big stretch. I'm not sure it's reasonable to think that showing a bunch of security camera footage will do anything of the sort, regardless of how damning.
> Verkada Inc.<p>I bet some people are catching flak for going with Verkada instead of Ubiquiti because Ubiquiti charges more.<p><a href="https://www.verkada.com/docs/cybersecurity-guide-cctv.pdf" rel="nofollow">https://www.verkada.com/docs/cybersecurity-guide-cctv.pdf</a>