Verkada breach spotlights ongoing concerns over surveillance firms’ security

Even for Elisa Costante, who studies vulnerabilities in surveillance devices for a living, the breach at the security-camera startup Verkada was startling. A group of hackers earlier this month claimed to have access to some 150,000 live-camera feeds that Verkada maintains in schools, prisons and hospitals. The incident provided outsiders with an entry into live video feeds at companies including Tesla, and enabled hackers to access archived video from Verkada subscribers. “It really opens the eyes on what can happen” when an attacker exploits access to a web of insecure surveillance devices, said Costante, a senior director at security vendor Forescout Technologies. The U.S. Department of Justice on Thursday announced an indictment against Tillie Kottmann, one of the people who claimed responsibility for the incident, for alleged computer and wire fraud, and aggravated identity theft. The charges don’t mention the Verkada breach, and accuse Kottmann, who lives in Switzerland, and others […]

The post Verkada breach spotlights ongoing concerns over surveillance firms’ security appeared first on CyberScoop.


Alleged Verkada hacker says police raided their home in Switzerland

One of the hackers who claimed responsibility for breaking into the networks of camera surveillance firm Verkada says police have raided their home in Switzerland. Tillie Kottmann said in a social media post that the raid occurred Friday morning in the Swiss city of Lucerne and resulted in the confiscation of their electronic devices. Kottmann has claimed to be part of a group of hackers that broke into the networks of Silicon Valley-based Verkada, and reportedly accessed live feeds of 150,000 cameras in hospitals, prisons and other organizations. The raid was part of a criminal case against Kottmann that U.S. prosecutors are pursuing out of the Western District of Washington, according to Bloomberg News, which was first to report on the raid. Kottmann is accused of identity theft, fraud and breaking into protected computers, Bloomberg reported. A Justice Department spokesperson did not respond to a request for comment on Friday. Police […]

The post Alleged Verkada hacker says police raided their home in Switzerland appeared first on CyberScoop.


In letter to senators, Amazon’s Ring defends cybersecurity policies

After a series of security incidents involving products made by Amazon-owned Ring, the home security company is making the case to U.S. senators that its cybersecurity policies are robust. In a letter to lawmakers this week, which CyberScoop obtained, Ring said it regularly does penetration testing and source code reviews of its products, and that it encrypts the video captured by its cameras. “Like any rapidly growing company, we recognize that we must continually evolve and enhance our data and security practices to block efforts by bad actors,” Brian Huseman, Amazon’s vice president of public policy, wrote in the letter to five Senate Democrats. The company said it now “proactively monitors” for customer credentials sucked up in third-party breaches, and recently began prompting users to set up two-factor authentication on their accounts to make it harder for hackers to compromise them. The senators — Chris Coons of Connecticut; Ed Markey of […]

The post In letter to senators, Amazon’s Ring defends cybersecurity policies appeared first on CyberScoop.


New York company charged with selling vulnerable Chinese-made equipment to U.S. military

U.S. prosecutors on Thursday announced charges against a New York company and seven of its current and former employees for allegedly selling Chinese-made surveillance equipment with known cybersecurity flaws while falsely claiming the technology was made in the U.S. Aventura Technologies, which makes security equipment like metal detectors and surveillance cameras, is accused of lying to customers, including the U.S. military, for over a decade by claiming to make their equipment in Long Island while surreptitiously importing it from China. In doing so, Aventura exposed its customers to “serious, known cybersecurity risks, and created a channel by which hostile foreign governments could have accessed some of the government’s most sensitive facilities,” the Justice Department said in a press release. The U.S. Air Force, Navy, and the Department of Energy were among Aventura’s clients. Jack Cabasso, the company’s de facto owner, his wife, Frances, and other senior company executives were charged with […]

The post New York company charged with selling vulnerable Chinese-made equipment to U.S. military appeared first on CyberScoop.


A flaw in Amazon’s Ring doorbells leaked customers’ Wi-Fi credentials

Internet-connected doorbells sold by Amazon’s Ring service contained a security vulnerability that would have made it possible for hackers to intercept a customer’s Wi-Fi username and password, then launch a larger attack on the network, according to findings made public Thursday. Researchers from the Romanian security firm Bitdefender discovered earlier this year that when a user first configured their Ring doorbell app, it accepted credentials in an unsecure format as it created a new digital access point. Then, when that network went live, the Ring app automatically obtained the Wi-Fi credentials and sent them to the local network. All of those transmissions were sent through an unencrypted HTTP format, meaning anyone with access to that open network could have obtained the Wi-Fi username and password, Bitdefender said. Researchers notified Amazon about the issue, and the company delivered a security patch via an automatic update. (Hackers likely would have needed to be within […]

The post A flaw in Amazon’s Ring doorbells leaked customers’ Wi-Fi credentials appeared first on CyberScoop.


Don’t Look Away, Peekaboo Vulnerability May Allow Hackers to Play the Long Game

The newly named Peekaboo vulnerability is a zero-day flaw in China-based Nuuo’s video recorder technology. The flaw in NVRMini2, a network-attached storage device, has remained unfixed in the three months since the vendor was alerted. This …