Here’s a collision of physical and virtual security. Activist hackers have breached live surveillance cameras installed at companies like Tesla and Equinox, as well as at healthcare clinics, jails, and banks.
They gained access to images, and then shared screenshots demonstrating their ability to gain root shell access to the surveillance systems used by Cloudflare and at Tesla’s HQ.
How? They stumbled upon a Super Admin account from the security company Verkada, which sells the systems designed for real-time monitoring. Of note – researchers are focusing on the ability of the company’s employees to access feeds without customer knowledge.
Meanwhile, while I’m talking about physical security, data centers belonging to the company OVH, located in France, have been destroyed by a fire. Customers are advised to use their disaster recovery plans, as the fire has made multiple data centers unserviceable.
Why do we care?
I’ve talked a couple of times about the concept of “monitor the monitor.” Let’s do it again. The security principle of “trust, but verify” isn’t selective. Apply it everywhere: your network monitoring tools, your surveillance tools, everything.
Also… do you really need these tools? One of the key questions a CIO – or a virtual one – should be asking is whether the technology is really the best way to solve the problem at hand. Is fake security just bringing us more security threats? Asking hard questions is where the real value is.
Source: Washington Post
Source: The Verge
Source: Bleeping Computer, Bleeping Computer