How Verkada Locks You Out Of The Devices You Own
While the risk of Verkada's "Hostage as a Service" business model has become well-known due to IPVM, the details of how Verkada locks device owners out are not.
IPVM recently allowed our Verkada device's subscription to lapse to verify how they lock out cameras and what happens when users own Verkada devices but cannot use them. We also tested this with Verkada sensors (SV11 & SV25), access control, and alarm monitoring.
In this report, IPVM details and documents how this process works, including a video and multiple screenshots, and what problems a Verkada device owner faces without paying the subscription license.
Executive *******
****'* ******* ******** **** ******* ************** blocks ****** ** ******* *** **** video ******* ******* ******** ** **** they **** "*******." ******* *********** ***** upon ******* **** *** *** *********, revealing **** **** *** ***** ********** but ****** ** ******** ***** ******** have **** ****.
***********, ******* ********* ****** ****** ******* and ********* *********. ***** *********/************* ******* cannot ** ****, *** ******** ***** will ******** ***** ********** ********** ********. Users *** ***** ****/****** *** ***/****** sites. *******, ***** *** ** ******* added *** *******, * ********** ******** risk ** **** ** ****** ********* or ******** *** ******** ***** **** might *** ** ******* ** *********.
********, ******* ******* (**** *** ****) are **** ***** ******* ***. ****** are ** ****** **** ** ********** being ***/********. *******, *** ****** **** of *** ******* ******* ****** *********/***** operational, ****** ** **** ** ********* in *** ******* *** *********.
*** ******* ****** **** ****** ** functionality. *** ******* **** *** ***** works ** * **********/****** ********* *** existing ****** ******. *** ******* ****** app ***** ****** ***** ** ***/****** sites. *******, *******'* **** ******* ****** app *** ***-********** *** *** *** allow ***** ** *** **.
Full ******** ** ******* ********* **********
*** ***** ***** ******* *** ******* Command *** ********* ********* ******* ********. No ****** **** ** *********, *** all ***** ******* ***** ********, ****** the ***** ****, ***** *****:
Verkada ******* *************** ********
**** ********** ** ****** *******, *** Verkada ******* *** *** ******* ** load/populate ******* *** ~*-* ******* ****** showing ** ***** **** *******, "*****, there's ******* ****!":
******* ********** ******* *******, ****** *******, intrusion, ** ************* *******, **** ** the ******* *** ******** ** *** Verkada ******* *** *** ******* ****** the ******* *******.
Locked *** *******
******* *** ******* ******* ********** *** normal **** ****** *** ********** **** the ****** ** ********* *** *********, they *** ****** ***:
** *** ******* *********, ***** ****** view/access **** *******, *****, ********, ******, or ****** ********, **** *** ***** displayed ** ***** ***:
********, *** ********** **** ****** *** expiration ** **** *** **********. *** example, ** ** ***** ********* ********* footage/events ******, ** **** *** ** an ******.
*******, ******* ****** ******* *** ***** streaming/recording ****** ***** ********* ******, *** all **** **** ** ******** **** licenses *** *********.
** **** ** **** ******* ******* are ***** ********* **** **** ******** to ****** ****. **** **** **** be ********* **** *** ****** ****** to *******, ** **** ** ***'** still ****** *** ********* ****** *** the ***** ******.
**** ******** **** ** ********, ** we **** **** ** ****** ********** recorded **** ***** *** ******* *** restored.
Limited ****** *******
***** *** ******* ******* *** ***** locked ***, *** ******* ****** ******* system ** ***. *** ***** ****** secure, *** *** *********** *** ******* function, *******/********* ******** *** *********/******* *********** (card *** ******) **** ******** ************** and *********** ******.
******* ********* ** ***** ********, *******:
****** *** ******* **** **** ***** work ** ******, *** ***’** ** unable ** ****** **** ******** *** Command. *** ****, ************* **** *******.
*******, ***** ********* *** *** **********, and ****** ************** *** *** *********. For *******, *********** ****** ** ***** or *******, *** ***** *** ****** Settings *** *********, ** ******** ****.
Intrusion ***** *******
*** ******* ********* ***** *********, ******** users ** ***/******, ***** **** ************* continuing ** **** ** *** ********** admins *** *****. *******, ************** ********* are *******.
*** *******, *** *****/****** ***** ****** be ********, *** ******** ***** ****** be *******.
*******, *** ***** ************ ****** ***** renders **** ** ***** ** *******, and *** **** ** *****.
********/*** **** *******'* ********** ******** **** not ****/********, *** ***** *** ***** any ********** *** ***** *** ***** reviewed ** *** ********** *******, *********** dangerous ** *****/***** **** **** ** that *******.
*****, ******* ********** **** *** ******* can ** ****** *** *** ****-***** intrusion ***** **** **** ******* *********.
******* ******** ** ******* ** *** access ** ***** ** *** ********* panel. **** ***** ** ** ********* on *******'* ****, ** **** ************** blocked **** **** ***** ** *** Command *********.
Environmental *******
**** *** *******, *** ************* ******* are ***** ****** ***, ****** **** display **** ****** *** ****** ********** the ******* *** *******, *********, *** recording ****.
***** ****** ****** ** **** **** from ***** *******, *** ****** ** previously ********** ********** ** *** *****. For *******, ************* *** *** **** due ** ****** ** *** **** or **** *******. *** ********* *** air ******* **** *** **** ***** in *** ******* *********.
Verkada ****** **** ********
** *** ******* ****** ****: ******, Command, *** ****, *** ********* ********* varied *************.
** *** ******* ****** ***, **** could *** ****** *** ***, **** working/current *********** ******** ** *** *** version ** *******'* ******* ********.
** *** ******* **** ***, **** could *** **, *** *** ****** app *********** ********/**** ********, ******** ** to ******/**** *** ***** *****.
** *** ******* ******* ******* ****** Mobile ***, **** ***** ***/****** *** raise * ***** ***** ****** ** associated ***** ********* *** *********.
Verkada's ********** *************
****** *** ******** **********/********** ** ****** to ******* *******, *** *******'* ******* team **** ****** ** *** **** Admin **** ***** ****** *** ***** email ********* *** **** ****** ***** lost.
***** *** * ******* ***** ******* the ******* ******* *** ***** ** expire ** ** ****:
**** **** ***** *** ****, ***** was * ****** ********* ** *** Command ********* ******* *** ******* *** expired:
********, ** ***** ******* *** ******* license *** *******:
*******, *** ***** ******* *** ****** has **** ****, *** ** ******* licenses ** *** ** ** **:
********* *** **** *****, * *** renewal ******* ****** *** *********, ******* access *** ****, *** * ******* contact *** ****** ** ******* *** renewal.
** *** *** *** *** ******* hardware ** ***** *********. ** *** don't *** *** ******** *** ******** does *** ****.
** *****,
***, *** ******* *** ****** ***. In *****, *** ******* *** "****** in" ** *** ******* ********. ** you ***'* *** *** *** ********, the ******* **** *** ********.
** ******, ******* ******* *** ** added*** **** ****** (*** ****),****** **** *** ******** *** *******, you ****** ****** *** *******, *** they ****** ** ***** ** *** VMS *** **** *******, ***. **** are ***** ****** ***.
** ********* ** *** ****, ** saw **** ******* ** *** ********* panel, *** ** ******* **** *** an *********.
** **** ** *******, ** *** set *** ******* ***** ** *** RTSP ***** ** *** **********, **** they ******** ** ****** ** *** 3rd ***** *** ***** *** **********?
** * ****** ****** ** *******, I *** ******* **** *** ******* to ****** *** ******* ** ************ are **** ** *******. **** *** be ********* ** ***** **** *** end **** ** ** *** ****** sector *** ** *** **** **** to *** ******** ****** *** ****** cut ** * ******* ********.
**** *** ******* ** ****** *** licence ** ************ *** **** ** advance
* ********* ******* ****. *** ********* is *** *** ** *******'* *****. With ***** ***** ***-******* ********, *** manufacturer ****** **** *** *** ** the ******** *** ******* ***.
****, ******. *** ******, **** ** that ********** -**** ******* ***** ** *** ***** Customers?
*** *******, **** ******, *** ** not * ********* ********, **** *** access ** * ********* ******** ******. It ***** ** ********** ********* ** Milestone ** * ********* ******** *** that. ********* ****** *** **** *** do ****. **** *********'* ******* *******, if *** ***'* ***, *** ***'* get ****** ** ******* *****, *** your ******* *** ***** **** *** can ** **** *********.
********, *************, ***, ** ** **********, could ******* ****** ** **** ********'* systems *** **** ***** ** ********* from *** ************ ***** **.
* ***** ****** **** **** ******** to ************.
*** ******** ****** **** *** *** of *** ******** *** ******* ***.
**** ********, *** * ***** ***** in **** **** **** ********** **** a ****** ***** ***** ** *** Milestone ******** ****** ** ****** *** access ** (***/** ******* *** ******** so *** ******** ****'* **** **), then **** ** ** **** *** permissions *** *** ** ***** *****.
*'** ***** ** **** ********* ******, but ** **** ***** ********** ******* to ** **** ********* ** ***** software. ***** * ********** **** *** integrator ****, ********** * ***** *** action ** ******* ***** ***** ******* is *** ****.
**** * *** * *********** ** a ************ **** * ***, **** or ***** * *** ** ******** ask *** **** ******* **** ***** system **** ** ********** *** ****** them *** ** **** ****. ** one **** * ****** ** *** definitely *** ********** ** *** *****, another **** ** * **-**** ***-****. But **'* * ******* *****, *****'* nothing ** ***** **, **** **** it ********* **** **** ** ********* their ****** **** ** *******'*, **** the ******* *******.
******* ****** *** ** ****** ******** in * ****** ** ******* ** you **** ******** ****** *** *** right ******** *****.
**** *** *** ********* * ************ should *** ******** **** ** ** view. ****'* * *******-**** ***** ***** IT ****** ****** **.
******* **** *** ******* ** *****. They ******** **** **** ***** *******, and ***** ******* *** **** ** used ** ***** ******. ** *** want ** **** ** * **** VMS, *** **** ***** *** *******, purchase ***, *** *********. ******** ***** / ******** *******.
***** ** ******* ** **** ***** get ** ** ******** ******* ** firmware ******** ** *** ** **** can **** ***** ******** **** *** Camera.
**** *** ** *** *** ** the ***, * ******* ******.
*** *** *** * ****, **** might **** ******** ***** ********** ** stop ****; ****** ******* **** **** sloppy ******.
*****, ****** ******** *** * ************* analysis ** *******'* ************** ** ****** ************* ******
***** ** *** *** *** ** load ***** ******** ** *** ******, he ************ ** ************ ** **** it *****, ** *******, ** ****** hard ** ** ********* **** ****.
**** ** **** * *** ******** a ***** ****. **** ****** ******* cameras ******** *** * **** ** five-year ******* ********* ******** ** ****** this ****, ** ***** **** ** opportunity.
*** ** *********** *** ********* *** possibly ******* **** ***** ****** ********** right-to-repair **** ***********. ****** **** *** much **** *** ****.
***** ** ****** ********* ** ******* here. **** *******, ** ** *** just ** ***** ** ******, ** is ** ***** ** *** **** cameras ******* ****** ****.
** * ********, **** ** ********* we ******* *********** **** ********* ******** times. **** ********* *** *** * fit *** ******* *** ***** *** those *** ***** **** **** *** pretty *****. ** **** **** ***** products **** *** **** ****** *** have ***** *** ** ***** **** Verkada ******* *******. **** *** *** subscription? ***** ****** ******.
** * ******* **** - * don't ***** ****** *** ** ***** with **** ******** *** ****** ** you *****'* ****.
*** ***** **** **** * ******* is **** *** ******* *** ******* unless ******* **** ********* ** **** all ***** ********* ****** ****'** ****** forced ** ******** ** ******* ****** the ******* ********* ***** ** ** a ********* ******* ** *** ******** again.
**** ***** ****** ** *** ***** sites ** ******* **** ***** **?
*** ******* *** ******* ****** ******* says *********
** ********, ** *** ***** ****** if ******* ******* ******* ****** ** the ****** ****'* *** *** ** would ** * ********** ********* ********* if ******* ******** **** **** **** access ** **** **.
*** ******* ******* (*'** ***** **** may **** ***** ********** ******* ****)
********
*****
*****.*** ******
****** **** *** **** ****** ** those ******* ** *** **** ***. I'm *** * ******* *** ** any ***** *** ****'* *** **********?
* **** *** *** **** ** try *** ******* **** *** *** cameras *** **** ** ** ***** cameras *** ** ** ***.
*** *** **** *** *** ***** access *** ******* **** **** **** if *** ** ****** *** *** the ***** ********. *** ****** *** access ******* ******* **** *********** ********.
****** *** *** ******* **** **** this *** **** ** *** ***'* pay *** *** ***** ************ *** lose ******.
*** *** ******* ****** *** ** well? ** * ******** ******** ** cameras *** ******* ** ** **** a ********* *** (***** **** ******* Center) ***** ***** ******* ******* *** the ******* ***** ***** *********? ***** they **** ***** ******* *** **** on *** ***** ***?