Security Cameras at Tesla, Cloudflare, and More Hacked

by

March 10, 2021

It’s easy to forget sometimes that the IoT encompasses more than just end-points and network devices. To help drive home that fact, Bleeping Computer has posted a story regarding hacked IoT security cameras. 

Cameras at major companies like Tesla, and Cloudflare have been hacked, according to the story. They’re not the only ones. Healthcare facilities, jails, banks, and more have been compromised as well.

The hack, part of something called #OperationPanopticon, exposed a vulnerability in Verkada, a surveillance company who works with the impacted businesses, software.

The hack was perpetrated by a group calling themselves “APT-69420 Arson Cats.” It’s unclear what their motivation was beyond exposing the weakness in Verkada’s software.

According to a spokesman for the group APT-69420 Arson Cats were able to compromise Verkada’s software after discovering the Silicone Valley-Based security provider had hardcoded super-admin credentials in their DevOps infrastructure.

Oy Vey.

EwEL01qWYAgkESN(1)

A screen grab from inside Tesla HQ (Source) APT-69420 Arson Cats

Cloudflare has issued a statement, saying none of their customers were impacted by the breach. Verkada has disabled the hardcoded super-admin credentials that were the root of the issue, and Elon Musk was unavailable for comment as he’s believed to be on his way to Mars in a Tesla Roadster sports car (well…maybe not).

There doesn’t look to be anything Verkada customers can do otherwise. If you’re not a Verkada customer the incident should still make you think about how you handle your IoT devices.

This isn’t the first time something like this has happened. It wasn’t long ago that Ring (a subsidiary of Amazon) was dealing with an issue revolving their security products being compromised. Now, that’s not exactly the same issue, but close enough.

The moral of the story is this: there is a good possibility that at some point in its lifetime, an IoT device you own will be compromised. There’s no way around it. It is up to you, dear reader, to decide how you want to protect yourself.

Like our blog? Subscribe using the CTA in the upper right-hand corner of this page. Feel like sharing your thoughts with us? Use the comment section below.

Carl Keyser is the Content Manager at Integris.

Keep reading

Strong Cybersecurity Postures: How to Unleash their Power

Strong Cybersecurity Postures: How to Unleash their Power

In the vast digital landscape where virtual dragons and sneaky trolls roam a strong cybersecurity posture has never been more important. Imagine a band of modern-day knights led by our protagonist, Alex. Armed with a trusty laptop and a cup of coffee, Alex navigates...

How to Spot a Phishing Attack in 2023

How to Spot a Phishing Attack in 2023

In 2023 cyber threats lurk behind every tree trunk in today's digital jungle, and cybersecurity awareness is more critical than ever. Among the craftiest of these threats are phishing attacks. Phishing attacks are cunningly engineered with social manipulation at their...