Verkada Internal Cameras Leaked
Cameras inside Verkada's facilities were made publicly available by a leak of a Verkada API key, IPVM discovered, though Verkada told IPVM that this was a "demo" system that they shared with partners and customers.
Nevertheless, the Verkada API key we found was quickly revoked, and IPVM sees significant concerns for the privacy and security of Verkada employees and visitors, who are exposed to anyone with whom Verkada shares these API keys.
IPVM found the Verkada API keys, verified authenticity with Verkada's own API Web GUI, and was able to retrieve information and camera images as we show herein.
******
**** ***** * ****** ********** **** leaked ******* *** **** *** *******'* internal ****** **** ******.
******* *********** *** **** ** *** Verkada*** ****************** ******** ************* ***** **** * fairly ****** *** ********* **** ****** interactive *********** ** ***** ***.********* ************** *********** ************ ** **** ** *********** ******* the ****** *********** *** *** ******.
Leaked *** ****
*** ****** *** **** **** *** primary ********* ** *** *** *******, authentication *** *************. ***** *** ************** key ** **** ** *********** *** request **** ***** ************* *** *** authorization *** ***** *** *** ******* the ******* ** ********** ** *** the *** *** ***** ** *** API's ******** ** *** ******.
**** *** **** ** ****** *** authenticity *** **** *********** ***** +** outdoor *** ****** *******, ***** ****, and ***** *********** *** ****** **** the *******, ** ***** ***** ** a *********.
******** ** *******, **** **** ****, UT:
******** ** *******, ******, **
***** *, ******** ******* ** ******* HQ, *** *****, **
***** *, ********* ****** ** ** P1 ******** ** ******* **, *** Mateo, **
*** ***** ** ******* **, *** Mateo, **
Croatia **** ********* ******
*** ****** ***** ***** ** ** Zagreb, *******, ******** *****. *********, **** installation ***** ************ **** ********** **********(****) *** ****** **************** */**** ** ********** ** ******** data ******* ***** ********* *** ******** **** ********** *****.
**** ******** *** ************ **** *** help ** *** ********* ******* *** coordinates.
API *** *********
**** ******* *** ** *** ***** of *** ****** **********, *** ******* thereafter **** *** ********** *******, ***** should **** ******* **** **** ** the ***** *****.
Key *******
**** ****** *** ****** *** **** once * *** **** ***** *** response, ***** *** *** **** *******, so ** ***** *** *** **** were ********* *** ** ***** ******** after ***.
Verkada **** **** ******
**** **** ******* *** ** *******, who *********:
*** *** *** *** ******* **** IPVM ******** *** **** ** *** public-facing ************* ******** ** *** ******* platform, ***** ** **** “***********.” ** ********* *** ****** **************** **** *** ******** *** ********* on * ***** ***** ** *********** our ******* ************. ** ************* ***** the*********** ******* (********* *******) ** ******** locations ******* **** *** *** *** public ***********. ** ****, ** **** our ********* ***** ***** ******* **** the *** **** ***** ******* ************ ** ******* **** *** **** cameras. ** *** *** ******* ****** you ***** *****, ** ** *** of *** **** ******* – * company ****** ** ** *** ** its ******** ************ ** ************** *********** *** ****** ************ *********’* **** ***.
*******’* *** ** *** ** *** many ******** ** ******** *************. ** ******** ************ ****** ** some ** *** **** *********** **** can ** **** ** ************** ******* **** *********. ***** *** public ****** *************, ** *** *** ********** ** the *** ****, ***** **** **** access ** ************** ********. ** ****, ** ***** our ********* ** ******** *** ****** these **** ****** ** **** *** more ****** ******** *** ********. ***********, we *** *** ***** ** *** evidence ** * ****** **** ***** trigger * ********* ********** ***** ****.
********
** **** ******* ** ****** *** keys, ***** **** *** *** **** important, ** ** ***** ********* ** protect **** *** ***** **** ** sensitive, ** **** *** ** **** for ************** *** ************* ** ******* important *** ********* ***********.
****** *** ****** **** *** ******
** ****, ******* *********** ** * can ******** ** **** ** ** Yeti's, "******-*******", ***********, ***** *** ****, and *****-***** **** ********!
********, *** ** *** **** ****** on *** ***** ** ******* ***** have **** **** ******** ****** ******* at ****.
**** ** *** *** ***** **** IPVM *** ******** ** *******'* ******** cameras:******* ****** **********, **** *** *** False ****** ******* ** *********
****** ** ****** ********* ***** ****Verkada's *** ***** ************ system were passed around by Verkada sales managers captioned with graphic sexual comments, causing strife within the Silicon Valley unicorn. [emphasis added]
* ****** ** **** *** ******* in **** ** ********'* ******** *********** into *** *****
** **********, *** ***** ***** *** that ** ***, ****** *** *** it ** ** ******* ** *** code **************, *** **** ** ***** exposed ******** ** *** ******** ** the ****** *** ********** *********.
** ** **** ** ** *** some ** *** ****** ** ************ a ***??? **** **...** ****** ** your "**** ******"
***.
*** **** ******* ** *** ******** shots *** *** ******** ***** ****** be **** *****.
************...
***** ** ** *** ** * limb **** *** *** **** *** of *** **** ****** ** *******'* mind ** **** ***/** ******** ** any ** *** ***********.