Verkada Breach Demonstrates Danger of Overprivileged Users
In re-evaluating supply chains, companies should classify vendors with super admin privileges to devices or backdoors as a significant threat.
Uber's God Mode. Hard-coded passwords in networking products. Rosenbridge processor backdoors. And now Verkada's super admin account that reportedly gave hackers — as well as more than 100 internal users — access to videos from tens of thousands of client cameras.
The list of massive security failures due to product or service architectures that give a single user or group unfettered privileges continues to grow. In the latest case, hackers gained access to a super admin account for the cloud service of security-camera startup Verkada, enabling them to view videos from nearly 150,000 cameras. Prisoners in county jails, factories for carmaker Tesla, and the offices of Internet-infrastructure firm Cloudflare were all viewable using privileged access, according to reports and hacker statements.