Verkada Revokes Global Admin Access To Cameras, Says Requiring 2FA 'Excellent Suggestion'

By Conor Healy, Published Mar 25, 2021, 12:36pm EDT

Verkada's CEO confirmed yesterday that they revoked 'global admin access' to cameras, which the company hid from their customers for years. Moreover, Verkada's CEO said that requiring 2FA on these accounts was "an excellent suggestion."

Filip Kaliszan, Verkada CEO, held his second AMA for customers yesterday amid continued fallout from a massive hack two weeks ago.

Super *****/"****** *****" *******

*******'* *** ******* ********* from **** ********* ********* seeking ************ **** ******* would *** ******** ** view ******* ******* *******. The **** ******** *******'*********** *** ** ***** admin ***********, ******** >*** ********* including ******* ** **** customers' *******.

*******'* **** ** ********* shared *** ********:

**** ***, *** ****, asked ** * *** folks ********, *** *** global ***** ****** ** cameras, *** *** ** you **** ** ***** who *** *** **** access ******* **** ***** credentials?

*******'* *** ********* ********** that **** *** *******:

So *****, *** ****** - *** ****** ***** ****** - ** ******* *** **** *******. And the only people in our organization that have access to the admin rights are the few folks that are the most senior, and the engineering team that are conducting the investigation and need to access logs on cameras and kind of carry out their investigative tasks. [emphasis added]

***** ********** ** ******* would ***** ****** ******** systems, ******* ********* **** again.

**'* ******* **** *******. So * ***** **'** touched ** **** ********, but **** *** **** has **** *******, ******* from *** **** ****. Yeah, *** ****** **** doesn't *****.

Intern ****** *********

******* **** ********* **** interns *** ******, ** their **** **** ****, saying ****:

***** *** **** ****, you ****, **** *****, you ****, *****, *******, interns ****** ****** ** it. **** ** ****. Our *********** ******* *** are **** **** *********, and *** ** *** just **** *** ***** engineers *** ****** ** this ****, *** ***** use ** ** **** on, *** ****, ** customer ******

2-Factor **************, "** ********* **********"

* ******** *****, "**** all ***** ******** **** to ****** ******** ******* require ***?" **** *******'* head ** ********* ****** "we've ***** **** ***** a ***". *******'* *** responded:

****. ** *****, ****'* an ********* **********, * think, *** ****, ***, the ***** **** * want **, *****, ****** everyone ** **'** ******* at, *** ****, *** broad ******** ** ****** to ******, *** ****, any ***** ******** *** any ******* ********.

** *******'* '****** ***** access' ******** *** ******** 2FA, **** ***** **** either ******* *** ****** entirely ** **** ** far **** ********* ** access *******'* ********.

***** ** ***** **** is ** ** '********* suggestion', ** **** ********* that, *****, ******* *** not ******* ******* *** nor **** ******* *** able ** ****** ** requiring **.

** ******* *** ** Verkada ** **** ***** but *** *** ******* a ********.

"How **** *** ****** *** ***** **** *** **** **** ** ******?"

** ******** **** ********'* Durango ****** ********, * Verkada ********, *****:

* ******* ***. *** of **** ********* ******* you. *** **** *** repair *** ***** **** has **** **** ** stolen? ****'* ****, * have **** * **** advocate *** ******* ******** and I'm ********** *** ***** ****** *********** *** ******** ******** *** ****** ** *******. ** ********** ** *** ******* **** ***** *** * ********* *** ******* ** ***** ******* ** ****. *** *********** *** **** *** *** *** **** ********** *****, ****'** **** *** ****. How do you respond to that comment? [emphasis added]

*******'* *** *********:

****, * ****** ** things. * ****, * think, ****, ***** ** all, ***** *** *** being ** ******** ** our ******, ** ****** appreciate ****, *** ****, that ***'** **** ** advocate ** *******, ***, you ****, *** *** tools *** **** ** build *** ***. * think, ** **** *** I **** * ********** amount ** ************** ** you ** *** ********* to ******* ** *** of *** ******** ** make **** ******* ** our ********. * ***** the **** * *** offer ***, *'** *******, you ****, **** ** summed ** **, ** my **** **** **** I ***** *** ***** 10 **** ***.

"They ******** **"

*******'* *** ********** ** the ******* ** *** week * **** **** they **** * ******:

**** ***** ** ****** committed * *****, **** attacked **, **'* ** international ********* ***** ** attackers, **** ******** **.

Recorded ***** **** *

***** ** *******'* **** 2 '*** ***** ********' presentation ********:

**********

** ******* ****** **** details, ** ******* ***** that ***** *** ********** (allowing ********** ****** ***** access *** *** ********* 2FA), *** ******** ** this ********. ** ******* had **** ** ********* and ****** ** ************* as **** ********** ********, this ***** **** **** avoided.

****** (**/**/**): ******* *** now *********** ****** *** of ***** ***** ********. They **** ********** *** new "******* ********** ******" feature, ***** * ******** can *** ** ***** support ***** ****** ** their ********. ** ******** the ******** ** ******* support ***** **** * one-time **** *** ****** to ** *******. ***** updates **** ******* * ****** ******* blog ****.

Comments (42)

******* * ******** ***** who **** *** ***** he **. *** ******** guard ****** *** **** unlocked, ****** * ******* he ******* **** **** on *** ****, *** then **** ** *****. Then ** **** ****** and ********* **** ** is *** ******.

**** ** **********. **** is *******.

Agree: 25
Informative: 2

***** *** **** **** doing **; ***** ***** just *** ******. **** up *** **** ************* work *** *** **** find **** ** * much ****** *******. ********* you ***'* ****** *** wrong ***** ** *** wrong ****** ** ******, along *** ***......

"**** ********* *** '********* Suggestion'"

**********.***

Funny: 9

* **** * ******* experiment *** *** ********. And ***** ** ***** apply ** *******, * think ** *** ** applied **** **** *******:

* ***** ************ ********** for ********** ********** ****** to ******** ******* *** says **** **** ****** the *******. *******, **** secretly ****** *** ******** and ******** *** **** allow ****** ********* ** know ***** **.

*** **** *** **** find ***?

Agree: 8

**** * ****** **** Transparency ****** **** ********* did. **** ** *** that ******** ***** ********** by ***** **** *** honest *** ******** ****** to **** ***** ****** code ****** ** ****** for ****** ******.... ;)

Funny: 3

**** ** *******, *** CEO ****** **** ********* (Senior ***** *****) ***** have ****** ** ***** customer's *******? * ******** could *** ********** *** answers **** *****.

Agree: 7

**. ** ***** **, even ** **** *** they **** ******* *** account, ***** ** ** way ** **** ** they *** ******* *** truth (****** *****'* * whistleblower ** ******* ****). But **** *******, ***** is ** *** ** know **** *********** **** **** ************.

Agree: 3

**. **** *****.

******** ** ** ********** in ********.

Agree: 1

**’* ***** ** ** interesting **** *** **** few ***** ** *** where *** “**** **** and ***** ******” ******* Valley *********** ***** *** where ** *****’*.

**** ******** ******** **** or *** ** *** is ** *************. **** deal **** **** **** driver *****’* **** ***** that ******** **** **** too. *** **** ********* doesn’t ***** *** ** trade *** ***** *** wanted ** *** ** your ******** ****** ******* ‘accidentally’ ****** *** ******* access **** **** **** disruption *** ******** **** can ** ****** ********/********?

Agree: 3
Informative: 2

"**** **** *** ***** things" *** (** ***** in ******) **** ** the "*****" ** *********** subjected ** ******** *** - ** *** ********, then ** ***** ** some ******* *******. *'* not **** *** ** address ****** ** *********** - *** *******, **** additional "*****" ************* *** required *** * ***** trading *** ** * security ******?

(*********** *** ****** ** subjective - ** *'* hungry ** ******, * food ******** *** ******* may ** ********* ** having *** ******* ********.)

*** *******, "**** **** and ******* ******" ** no ********* ** **********. There **** ****** ** hardware *** ******** ******** back ** *** **** when "*****" ****'* ***** to * *******.

IPVM Image

Agree: 4
Funny: 29

** *****'* **** ** be ******** ** ****-*** central *****.

*. *** ** ******** side ********. *** ******* to ** **** ****** of ****-*** ****** ***** access ** *** ******** accounts *** *********** ****** access.

*. ** **** ******* have ****** ** ** updated **** * ***** (cloud-initiated ******), ***** ** going ** *********** ********** of *******. ***** ** going ** ** **** management ** *** ********* to ****** *******. ** such **** ***** ** always **** **** *** can ******** ****** *** root *** *******.

*. ** ******, ***** build **** ****** ** to **** ******* ***** and *********** ******** **********, it ***’* ** **** to ****** **** *****. You ***** **** ** redo ***** ****** **********.

Agree: 8
Informative: 2

*. ** ******, ***** build **** ****** ** to **** ******* ***** and *********** ******** **********, it ***’* ** **** to ****** **** *****. You ***** **** ** redo ***** ****** **********.

**** ** ******* *****:*** ****** ********* ** baked **- *** ***** *** said ** ******* **** he ***** **** *** thing *** ****directly ******* *** *** ******** ** *** **** **** ********:

"So *****, *** ****** - *** ****** ***** ****** - ** ******* *** **** *******. And the only people in our organization that have access to the admin rights are the few folks that are the most senior, and the engineering team that are conducting the investigation and need to access logs on cameras and kind of carry out their investigative tasks. [emphasis added]"

Agree: 5
Informative: 4

*****, ** ************ ******* in *** **** ********.

Agree: 1

****** **** **** ***** access *******. ****** ** course **** ******, ****** want **.

Agree: 3
Funny: 4

** ** ****'* *******. Access *** *******. *** if ***'** ***** ********, the ********* ************* **** loss ****** **********. *** those ****** ****** ***'*. So **** ** *** process **** **** *** in ***** ** **** those ****** ****** **** giving *** ***** ****** to **** ****** *****? What ** *** ******* to **** **** ******* from ****** ** **** coded ** ************** *****?

*'* ******** *******.

Agree: 8

** *** *** *** users **** ***** **** the *********, **** *** have *** **** ******** as **** **** ******** who *** *** * tarnished ********** **** ******* cannot ****** ** ****** what **** **** ** Verkada ****. **** * full ************ **** * complete ****** ****** ****** ones **********.

*** *** **** *** many ** *** ***** "Dinosaur's " **** ***** have *********** *** ***, we *** *** ******* on *** **** *** only ***** **** *** lack ****** ******** *** the ***** ********* ** their **********. *** *** thing ** **** ** genuine, ****** **** ****** his *** *** *** entire ****** *********** **** a **** ***.

** ******** **** ********'* Durango ****** ********, * Verkada ********, *****:

* ******* ***. *** of **** ********* ******* you. *** **** *** repair *** ***** **** has **** **** ** stolen? ****'* ****, * have **** * **** advocate *** ******* ******** and I'm ********** *** ***** ****** *********** *** ******** ******** *** ****** ** *******. ** ********** ** *** ******* **** ***** *** * ********* *** ******* ** ***** ******* ** ****. *** *********** *** **** *** *** *** **** ********** *****, ****'** **** *** ****. How do you respond to that comment? [emphasis added]

Agree: 4

****'* ** ******** ...

** **** *** * tool **** *** **** to ******* ***** *********, and **** **** ****** it *** - *** do **** ******* ***** customers ***?

Agree: 1
Informative: 2

**** *** ***** ****, Verkada's *** ********* *** server:

*** ****** **** *** used ** *** ******* team ** ******* **** of ***** *****, ************, task *** *** ****, are ** ****** ***** operation. ** *******, *** know, ******* ***** ** calling *** ****** *** to ****** ***, *** threshold *** ********** **** day ** ***** ****, I **** ** **** my ******* ** **** aggressively ****** ** ***** mode. ****'* * ***** operation **** *** ******* team *****, *** ****, might **** ** ******* for *** ********.

***** ******:

** **'**, *** ****, we're **** ** ********** both * ***** **** and * **** **** plan ** *** ** reestablish **** ** *** functionality *** ******, *** know, ****** *** ***** for ******* ** ** able ** **** *** with, *** ****, **** any ****** **** *** might ****.

***** *** * *** of "*** ****" ** his **********. ** ****** speaking ********* ***** ** so ***** **** **** form ** ******. ***** a *** ***** *** to ** * ****** more ************.

Agree: 2
Funny: 1

**** **** ***, ***. Like **** *** *** going ** *** **** you **** * **** mistake *** *** **** it *** ******** **** knows ** *** **** keep ****** ***** **? All ***** "*** ****"* sound **** * ******* tic. * ***'* **** his ******** ** ***.

* ****** ******* ***** go * **** ***...*** know

Agree: 6
Funny: 5

** ****'* * *******; it *** ***********. **** the "*** *****"...

***** * *** ***** try ** ** * little **** ************.

*** ****, *** ***** think **...

Funny: 5

** ********,****, *** ********, ** the **** ****** ******* Verkada, ********* ** ******** sources. **** ****** ** the *** ********* ***** questions.

Agree: 1
Informative: 1

*** *** ****** *** curtain ****** ******* ** has * ****-*** ** place.

**** ** *** ***.

Agree: 2
Funny: 5

****...."*** ****"....

*** ****, *******, *** know ******** ** ******* to *** ****, **, you ****, ********** ** a, *** ****, ************ situation. **** ***'** *** good ****** ** *** know, ***** *********, **** you ****, **** **** let's ******** *** ****, know. *** ****?

Agree: 1
Funny: 1

** *****, *** ****** - *** ****** ***** access - ** ******* has **** *******. *** the **** ****** ** our ************ **** **** access ** *** ***** rights *** *** *** folks **** *** *** most ******, *** *** engineering **** **** *** conducting *** ************* *** need ** ****** **** on ******* *** **** of ***** *** ***** investigative *****. [******** *****]

**'* *** ****** *** - ******* **** ***'* turn ** ***... ******* it ** ********* *** limited ** ****** ********** and *********

Agree: 5
Informative: 3

** ***'* ********. ****'* how.

Agree: 1

*** ******, *** ****!

Funny: 10

$** ****** *** ****!!!

Agree: 1

**** *** ** ****** but *** ******* ***** one ** ****** ****, too

Agree: 4
Informative: 1

* ** ****** *** much ***** *******'* ********* have *** ****. **** allow *******, ** *** "cloud *******" *** *******, to **** ** **** outside ** *** ********** networks. ** ** * huge **** ********** ** 2FA ** *** ******** fixes.

******** *** *** **** about "******-***** *************" ******* up ** **********-**** **** and **** **********. ***** case ******* **** *** networks **** ******. ***, something *** ******** ** the *********** ** ** damage. **** ** ******* no-no.

* ** **** ** will **** **** ***** from *** "***** *******" deployments.

Agree: 5

***** ** ***** ***-******. What ** **, ** "sheep *********"

*** ** **** ******** sell ******* **** **** hack ** *** *** result ** ******? ** an *** ****, ****** is ** ***** **** when ******* ***** ******* me *********. *** * good ****

Agree: 3
Informative: 1

*** ** ********** **** was **** *****. * have **** ******* ******* pushing ******** ******** ******* to *** ***** *** a ****** ** *******, one ** ***** ** the **** ** ******* over *** *******, ******** and *******. * **** been ******* ** ********* change *** ********** * level ******* ** **** all ******** ******** **** the *****.

* *** ****** ** the ********. *** ***** I **** ** **** as *** ********* **** I ***** **.🤪

Agree: 6
Informative: 1

"* *** ****** ** the ********. *** ***** I **** ** **** as *** ********* **** I ***** **.🤪"

-******.

* ***** **** *** "reasonable, ******** *******"

** ** ***** *** this ******** ****** **** no ********** **** ** prior ******** ******** ********** allowed **** ** ******. They **** **** **** thinking *** **** *** of **** *** *** how **** ******* **** were **** ******** ****. Unfortunately, **** **** ********* the ***** ********* *** are ***** ** *** right *** **** *** appropriate ******** ** *****. 2FA ** *** ** several ******** **** ****** be ***********. *** ******* one ** ** *** the *** **** ********* who *** **** ****** to ***** ******. ******** when ******* ** ** the *** ** ********** service ** ******** * own ** ** ******* I*********** ** **** ******. How ***** ***** ** be ** **** *** into **** ****** *** have **** *** ******* on **** *** ******* your *********. ********** ** how **** ***** *** for ******* * ***** this ** * ***** sanity ***** *** *** entire ********. *** ********* this **** *********** *** real ******* **** *** actors.

Agree: 2

** ****'* ** ********...

**** ****** *** **** updated ***********'* **************** ***** ***** ******** will ** ****** ** used, *** ***** ************ of * *** ******* for ********* ** ***** account ****** *** ******* staff.
