Security Cameras at Tesla, Cloudflare, and More Hacked

by

March 10, 2021

It’s easy to forget sometimes that the IoT encompasses more than just end-points and network devices. To help drive home that fact, Bleeping Computer has posted a story regarding hacked IoT security cameras. 

Cameras at major companies like Tesla, and Cloudflare have been hacked, according to the story. They’re not the only ones. Healthcare facilities, jails, banks, and more have been compromised as well.

The hack, part of something called #OperationPanopticon, exposed a vulnerability in Verkada, a surveillance company who works with the impacted businesses, software.

The hack was perpetrated by a group calling themselves “APT-69420 Arson Cats.” It’s unclear what their motivation was beyond exposing the weakness in Verkada’s software.

According to a spokesman for the group APT-69420 Arson Cats were able to compromise Verkada’s software after discovering the Silicone Valley-Based security provider had hardcoded super-admin credentials in their DevOps infrastructure.

Oy Vey.

EwEL01qWYAgkESN(1)

A screen grab from inside Tesla HQ (Source) APT-69420 Arson Cats

Cloudflare has issued a statement, saying none of their customers were impacted by the breach. Verkada has disabled the hardcoded super-admin credentials that were the root of the issue, and Elon Musk was unavailable for comment as he’s believed to be on his way to Mars in a Tesla Roadster sports car (well…maybe not).

There doesn’t look to be anything Verkada customers can do otherwise. If you’re not a Verkada customer the incident should still make you think about how you handle your IoT devices.

This isn’t the first time something like this has happened. It wasn’t long ago that Ring (a subsidiary of Amazon) was dealing with an issue revolving their security products being compromised. Now, that’s not exactly the same issue, but close enough.

The moral of the story is this: there is a good possibility that at some point in its lifetime, an IoT device you own will be compromised. There’s no way around it. It is up to you, dear reader, to decide how you want to protect yourself.

Like our blog? Subscribe using the CTA in the upper right-hand corner of this page. Feel like sharing your thoughts with us? Use the comment section below.

Carl Keyser is the Content Manager at Integris.

Keep reading

Is DeepSeek Safe for My Company’s Systems?

Is DeepSeek Safe for My Company’s Systems?

China’s new DeepSeek AI engine Has Ushered in a New Era of Fast-Turn, Low-Cost AI Tools. But Are the Risks Worth the Rewards for US Companies? Key Takeaways: China's DeepSeek has been hailed as the nimble new competitor to US large language AI models—an alternative...

What Are Best Practices for Managing IT Projects?

What Are Best Practices for Managing IT Projects?

What Are Best Practices for Managing IT Projects? The Quick Take Managing IT projects effectively is crucial for ensuring success and maximizing ROI. Here are the best practices to follow: Define Clear Objectives and Scope: Set specific, measurable, achievable,...

What Is The Future of Managed IT Services?

What Is The Future of Managed IT Services?

What Is the Future of Managed IT Services? The Quick Take: The future of managed IT services for small and medium-sized businesses is bright, with the market expected to grow from $1.735 trillion to $2.173 trillion by 2028. Key trends driving this growth include:...