Verkada Revokes Global Admin Access To Cameras, Says Requiring 2FA 'Excellent Suggestion'
Verkada's CEO confirmed yesterday that they revoked 'global admin access' to cameras, which the company hid from their customers for years. Moreover, Verkada's CEO said that requiring 2FA on these accounts was "an excellent suggestion."
Filip Kaliszan, Verkada CEO, held his second AMA for customers yesterday amid continued fallout from a massive hack two weeks ago.
Super *****/"****** *****" *******
*******'* *** ******* ********* **** **** concerned ********* ******* ************ **** ******* would *** ******** ** **** ******* without *******. *** **** ******** *******'*********** *** ** ***** ***** ***********, ******** >*** ********* ********* ******* to **** *********' *******.
*******'* **** ** ********* ****** *** question:
**** ***, *** ****, ***** ** a *** ***** ********, *** *** global ***** ****** ** *******, *** how ** *** **** ** ***** who *** *** **** ****** ******* with ***** ***********?
*******'* *** ********* ********** **** **** was *******:
So *****, *** ****** - *** ****** ***** ****** - ** ******* *** **** *******. And the only people in our organization that have access to the admin rights are the few folks that are the most senior, and the engineering team that are conducting the investigation and need to access logs on cameras and kind of carry out their investigative tasks. [emphasis added]
***** ********** ** ******* ***** ***** access ******** *******, ******* ********* **** again.
**'* ******* **** *******. ** * think **'** ******* ** **** ********, but **** *** **** *** **** revoked, ******* **** *** **** ****. Yeah, *** ****** **** *****'* *****.
Intern ****** *********
******* **** ********* **** ******* *** access, ** ***** **** **** ****, saying ****:
***** *** **** ****, *** ****, talk *****, *** ****, *****, *******, interns ****** ****** ** **. **** is ****. *** *********** ******* *** are **** **** *********, *** *** we *** **** **** *** ***** engineers *** ****** ** **** ****, and ***** *** ** ** **** on, *** ****, ** ******** ******
2-Factor **************, "** ********* **********"
* ******** *****, "**** *** ***** accounts **** ** ****** ******** ******* require ***?" **** *******'* **** ** marketing ****** "**'** ***** **** ***** a ***". *******'* *** *********:
****. ** *****, ****'* ** ********* suggestion, * *****, *** ****, ***, the ***** **** * **** **, again, ****** ******** ** **'** ******* at, *** ****, *** ***** ******** of ****** ** ******, *** ****, any ***** ******** *** *** ******* accounts.
** *******'* '****** ***** ******' ******** had ******** ***, **** ***** **** either ******* *** ****** ******** ** made ** *** **** ********* ** access *******'* ********.
***** ** ***** **** ** ** an '********* **********', ** **** ********* that, *****, ******* *** *** ******* require *** *** **** ******* *** able ** ****** ** ********* **.
** ******* *** ** ******* ** this ***** *** *** *** ******* a ********.
"How **** *** ****** *** ***** **** *** **** **** ** ******?"
** ******** **** ********'* ******* ****** District, * ******* ********, *****:
* ******* ***. *** ** **** customers ******* ***. *** **** *** repair *** ***** **** *** **** lost ** ******? ****'* ****, * have **** * **** ******** *** Verkada ******** ***I'm ********** *** ***** ****** *********** *** ******** ******** *** ****** ** *******. ** ********** ** *** ******* **** ***** *** * ********* *** ******* ** ***** ******* ** ****. *** *********** *** **** *** *** *** **** ********** *****, ****'** **** *** ****. How do you respond to that comment? [emphasis added]
*******'* *** *********:
****, * ****** ** ******. * mean, * *****, ****, ***** ** all, ***** *** *** ***** ** advocate ** *** ******, ** ****** appreciate ****, *** ****, **** ***'** been ** ******** ** *******, ***, you ****, *** *** ***** *** what ** ***** *** ***. * think, ** **** *** * **** a ********** ****** ** ************** ** you ** *** ********* ** ******* on *** ** *** ******** ** make **** ******* ** *** ********. I ***** *** **** * *** offer ***, *'** *******, *** ****, kind ** ****** ** **, ** my **** **** **** * ***** was ***** ** **** ***.
"They ******** **"
*******'* *** ********** ** *** ******* of *** **** * **** **** they **** * ******:
**** ***** ** ****** ********* * crime, **** ******** **, **'* ** international ********* ***** ** *********, **** attacked **.
Recorded ***** **** *
***** ** *******'* **** * '*** Filip ********' ************ ********:
**********
** ******* ****** **** *******, ** becomes ***** **** ***** *** ********** (allowing ********** ****** ***** ****** *** not ********* ***), *** ******** ** this ********. ** ******* *** **** as ********* *** ****** ** ************* as **** ********** ********, **** ***** have **** *******.
*******:
(**/**/**): ******* *** *** *********** ****** use ** ***** ***** ********. **** have ********** *** *** "******* ********** System" *******, ***** * ******** *** use ** ***** ******* ***** ****** to ***** ********. ** ******** *** customer ** ******* ******* ***** **** a ***-**** **** *** ****** ** be *******. ***** ******* **** ******* * ****** ******* **** ****.
(**/**/**): ** * ******** *******, *******’* CEO ****** ******* *********** ***** ***** response ** *** ****:
- *** ****/**** **** ********* **** ** conducted **** ****. **** ********* ******* hiring *****-***** ******** ******* ** **** and ******* ***** ***************.
- * *** ****** ******* **** ** launched ****** **** *** ******, ********* individuals **** ***** ************* *************** ** Verkada’s *********.
- ********* **** **** *** ******* ** access/download **** ********** **** ***** ******* within *** “**** ****** *****.”
- *** ** *** **** ** ******** for ******* ******* *****.
***** *** **** **** ***** **; these ***** **** *** ******. **** up *** **** ************* **** *** you **** **** **** ** * much ****** *******. ********* *** ***'* strike *** ***** ***** ** *** wrong ****** ** ******, ***** *** way......
"**** ********* *** '********* **********'"
**********.***
* **** * ******* ********** *** the ********. *** ***** ** ***** apply ** *******, * ***** ** can ** ******* **** **** *******:
* ***** ************ ********** *** ********** superadmin ****** ** ******** ******* *** says **** **** ****** *** *******. Instead, **** ******** ****** *** ******** and ******** *** **** ***** ****** employees ** **** ***** **.
*** **** *** **** **** ***?
**** * ****** **** ************ ****** like ********* ***. **** ** *** that ******** ***** ********** ** ***** open *** ****** *** ******** ****** to **** ***** ****** **** ****** to ****** *** ****** ******.... ;)
**** ** *******, *** *** ****** that ********* (****** ***** *****) ***** have ****** ** ***** ********'* *******? I ******** ***** *** ********** *** answers **** *****.
**. ** ***** **, **** ** they *** **** **** ******* *** account, ***** ** ** *** ** tell ** **** *** ******* *** truth (****** *****'* * ************* ** another ****). *** **** *******, ***** is ** *** ** **** **** for******** **** **** ************.
**’* ***** ** ** *********** **** the **** *** ***** ** *** where *** “**** **** *** ***** things” ******* ****** *********** ***** *** where ** *****’*.
**** ******** ******** **** ** *** at *** ** ** *************. **** deal **** **** **** ****** *****’* show ***** **** ******** **** **** too. *** **** ********* *****’* ***** you ** ***** *** ***** *** wanted ** *** ** **** ******** camera ******* ‘************’ ****** *** ******* access **** **** **** ********** *** services **** *** ** ****** ********/********?
"**** **** *** ***** ******" *** (at ***** ** ******) **** ** the "*****" ** *********** ********* ** rigorous *** - ** *** ********, then ** ***** ** **** ******* fashion. *'* *** **** *** ** address ****** ** *********** - *** example, **** ********** "*****" ************* *** required *** * ***** ******* *** or * ******** ******?
(*********** *** ****** ** ********** - if *'* ****** ** ******, * food ******** *** ******* *** ** perceived ** ****** *** ******* ********.)
*** *******, "**** **** *** ******* things" ** ** ********* ** **********. There **** ****** ** ******** *** software ******** **** ** *** **** when "*****" ****'* ***** ** * process.
** *****'* **** ** ** ******** to ****-*** ******* *****.
*. *** ** ******** **** ********. Has ******* ** ** **** ****** of ****-*** ****** ***** ****** ** all ******** ******** *** *********** ****** access.
*. ** **** ******* **** ****** to ** ******* **** * ***** (cloud-initiated ******), ***** ** ***** ** centralized ********** ** *******. ***** ** going ** ** **** ********** ** and ********* ** ****** *******. ** such **** ***** ** ****** **** user *** *** ******** ****** *** root *** *******.
*. ** ******, ***** ***** **** ground ** ** **** ******* ***** and *********** ******** **********, ** ***’* be **** ** ****** **** *****. You ***** **** ** **** ***** backed **********.
**** ** ******* *****:*** ****** ********* ** ***** **- *** ***** *** **** ** himself **** ** ***** **** *** thing *** ****directly ******* *** *** ******** ** *** **** **** ********:
"So *****, *** ****** - *** ****** ***** ****** - ** ******* *** **** *******. And the only people in our organization that have access to the admin rights are the few folks that are the most senior, and the engineering team that are conducting the investigation and need to access logs on cameras and kind of carry out their investigative tasks. [emphasis added]"
****** **** **** ***** ****** *******. Unless ** ****** **** ******, ****** want **.
** ** ****'* *******. ****** *** limited. *** ** ***'** ***** ********, the ********* ************* **** **** ****** eventually. *** ***** ****** ****** ***'*. So **** ** *** ******* **** will *** ** ***** ** **** those ****** ****** **** ****** *** admin ****** ** **** ****** *****? What ** *** ******* ** **** that ******* **** ****** ** **** coded ** ************** *****?
*'* ******** *******.
** *** *** *** ***** **** drank **** *** *********, **** *** have *** **** ******** ** **** CDSD ******** *** *** *** * tarnished ********** **** ******* ****** ****** no ****** **** **** **** ** Verkada ****. **** * **** ************ with * ******** ****** ****** ****** ones **********.
*** *** **** *** **** ** the ***** "********'* " **** ***** have *********** *** ***, ** *** the ******* ** *** **** *** only ***** **** *** **** ****** solution *** *** ***** ********* ** their **********. *** *** ***** ** said ** *******, ****** **** ****** his *** *** *** ****** ****** engineering **** * **** ***.
** ******** **** ********'* ******* ****** District, * ******* ********, *****:
* ******* ***. *** ** **** customers ******* ***. *** **** *** repair *** ***** **** *** **** lost ** ******? ****'* ****, * have **** * **** ******** *** Verkada ******** ***I'm ********** *** ***** ****** *********** *** ******** ******** *** ****** ** *******. ** ********** ** *** ******* **** ***** *** * ********* *** ******* ** ***** ******* ** ****. *** *********** *** **** *** *** *** **** ********** *****, ****'** **** *** ****. How do you respond to that comment? [emphasis added]
****'* ** ******** ...
** **** *** * **** **** was **** ** ******* ***** *********, and **** **** ****** ** *** - *** ** **** ******* ***** customers ***?
**** *** ***** ****, *******'* *** explained *** ******:
*** ****** **** *** **** ** our ******* **** ** ******* **** of ***** *****, ************, **** *** you ****, *** ** ****** ***** operation. ** *******, *** ****, ******* might ** ******* *** ****** *** to ****** ***, *** ********* *** transition **** *** ** ***** ****, I **** ** **** ** ******* to **** ************ ****** ** ***** mode. ****'* * ***** ********* **** our ******* **** *****, *** ****, might **** ** ******* *** *** customer.
***** ******:
** **'**, *** ****, **'** **** of ********** **** * ***** **** and * **** **** **** ** how ** *********** **** ** *** functionality *** ******, *** ****, ****** the ***** *** ******* ** ** able ** **** *** ****, *** know, **** *** ****** **** *** might ****.
***** *** * *** ** "*** know" ** *** **********. ** ****** speaking ********* ***** ** ** ***** with **** **** ** ******. ***** a *** ***** *** ** ** a ****** **** ************.
**** **** ***, ***. **** **** are *** ***** ** *** **** you **** * **** ******* *** you **** ** *** ******** **** knows ** *** **** **** ****** about **? *** ***** "*** ****"* sound **** * ******* ***. * don't **** *** ******** ** ***.
** ****'* * *******; ** *** intentional. **** *** "*** *****"...
***** * *** ***** *** ** be * ****** **** ************.
*** ****, *** ***** ***** **...
** ********,****, *** ********, ** *** **** person ******* *******, ********* ** ******** sources. **** ****** ** *** *** answering ***** *********.
*** *** ****** *** ******* ****** ensures ** *** * ****-*** ** place.
**** ** *** ***.
*** ****, *******, *** **** ******** in ******* ** *** ****, **, you ****, ********** ** *, *** know, ************ *********. **** ***'** *** good ****** ** *** ****, ***** dishonest, **** *** ****, **** **** let's ******** *** ****, ****. *** know?
** *****, *** ****** - *** global ***** ****** - ** ******* has **** *******. *** *** **** people ** *** ************ **** **** access ** *** ***** ****** *** the *** ***** **** *** *** most ******, *** *** *********** **** that *** ********** *** ************* *** need ** ****** **** ** ******* and **** ** ***** *** ***** investigative *****. [******** *****]
**'* *** ****** *** - ******* they ***'* **** ** ***... ******* it ** ********* *** ******* ** senior ********** *** *********
*** ******, *** ****!
**** *** ** ****** *** *** Charlie ***** *** ** ****** ****, too
* ** ****** *** **** ***** Verkada's ********* **** *** ****. **** allow *******, ** *** "***** *******" 3rd *******, ** **** ** **** outside ** *** ********** ********. ** is * **** **** ********** ** 2FA ** *** ******** *****.
******** *** *** **** ***** "******-***** cybersecurity" ******* ** ** **********-**** **** and **** **********. ***** **** ******* when *** ******** **** ******. ***, something *** ******** ** *** *********** to ** ******. **** ** ******* no-no.
* ** **** ** **** **** more ***** **** *** "***** *******" deployments.
*** ** **** ******** **** ******* when **** **** ** *** *** result ** ******? ** ** *** user, ****** ** ** ***** **** when ******* ***** ******* ** *********. not * **** ****
*** ** ********** **** *** **** timed. * **** **** ******* ******* pushing ******** ******** ******* ** *** cloud *** * ****** ** *******, one ** ***** ** *** **** of ******* **** *** *******, ******** and *******. * **** **** ******* of ********* ****** *** ********** * level ******* ** **** *** ******** services **** *** *****.
* *** ****** ** *** ********. Now ***** * **** ** **** as *** ********* **** * ***** am.🤪
"* *** ****** ** *** ********. Now ***** * **** ** **** as *** ********* **** * ***** am.🤪"
-******.
* ***** **** *** "**********, ******** thinker"
** ** ***** *** **** ******** entity **** ** ********** **** ** prior ******** ******** ********** ******* **** to ******. **** **** **** **** thinking *** **** *** ** **** was *** *** **** ******* **** were **** ******** ****. *************, **** also ********* *** ***** ********* *** are ***** ** *** ***** *** with *** *********** ******** ** *****. 2FA ** *** ** ******* ******** that ****** ** ***********. *** ******* one ** ** *** *** *** User ********* *** *** **** ****** to ***** ******. ******** **** ******* is ** *** *** ** ********** service ** ******** * *** ** is ******* ************ ** **** ******. *** ***** would ** ** ** **** *** into **** ****** *** **** **** guy ******* ** **** *** ******* your *********. ********** ** *** **** turns *** *** ******* * ***** this ** * ***** ****** ***** for *** ****** ********. *** ********* this **** *********** *** **** ******* from *** ******.
**** ****** *** **** ******* ***********'* **************** ***** ***** ******** **** ** longer ** ****, *** ***** ************ of * *** ******* *** ********* to ***** ******* ****** *** ******* staff.
***** **** *********'* ******* ******* *****. Verkada's *** **** * ***** ** what *** **** **** ** ******** to *** ****, *** **** **** Verkada ** ***** ** *** ******.
Recap ** ******* ******** ** ****
- ******** ********** - **** ****** ***** to ***** ** ********* *****, **** locking **** ****** **** *** *********, and ***** ** ******** ************* ** what ********.
- ******** ************** - "**'** **** * ton ** ******** *************," **** ********* all ********* **** *** **** ********.
- ******** ********* ***** - *** * firmware ********* ***** *** *** ******* on *** ******* ******* ******* ********* were ****** ** ***** ******* *** been ***********, ** ** *** **** had ****** ** ***** ********.
- *** ******* ********** ****** ******** - Revamped *** ******* ***** ***** *** path ** ********* *** ******* *** support ****. ******* *** **** **** that ******* ****. ***, ** ******* you **** * ******** ***** *** can *** ** ****** ******* ******. When *******, ******* ****** *** *****, they *** **** **** ******** *******. [In * ******** *******, ******* **** support *** *** ***** *** *** customer **** ***** * ****** ** give **********]
- "******** ******" **** - ******** ********* visibility **** ***** ****.
- ********** **** *** *** - ******, customers *** ** ******* ******* ** set **** **. ***, ********* **** "full *******" **** *** ** *** changes, ***** *** ** ******** ** Command.
Coming ** *** ******
- ******* ***-**** **** ****** - **** better **, ** *** *** ******** logs, ***** ****, ********, ***.
- *** ********** ****
- ******** ******** *********** - ********* **** be **** ** ******* ******** ******** for *** ***** *****. *** *******, forcing *** ** *** *****.
- ********* ******* ****** ************* - ***** will ** ** ****** ** ****** customers ******** ******* ** ********* **** account, ***** ***** ********** ******** ***** permission **** *** ********.
- *** ************* - ** ******** ** support ******, ********* **** ** **** to **** ** *** ************* ** various ****** ** ***** ****
- ******* ******* - ******* **** ***** customer ******** *** **** *********** *** best *********
***** ********* **** **** *****. ***** are *********, *** *** ****** ******.
********: *** * *** ********* ** writing ****** *** ****** *** *** compromised?
******: ***, ***** *** *********@*******.***.
********: ** *** ****/*** *** **** diverting ********* **** **********? ** ** going ** **** ************** ****** ******* of ****** ** ******** *********?
******: ***, ******* *** ******* ********* to ******** ** *** ****, *** "innovation ********* ** ********."
********: *** ******* ** *** ******** for *** **********?
******: ******* ** ******** ******* ** it, *** **** *** **** *** updates ** *** ********. *******, **** expect ** *** * *** * type *********** *** ****** **** ********* can **** "***** **** ****."
********: **** **** *** ******** ****** come ***? [******** ** *** *****-***** firm ***** ** ******* ** ******* an ************* ** *** ****]
******: ** ******* ** **** **** will **** ***.
******* * ******** ***** *** **** how ***** ** **. *** ******** guard ****** *** **** ********, ****** a ******* ** ******* **** **** on *** ****, *** **** **** to *****. **** ** **** ****** and ********* **** ** ** *** victim.
**** ** **********. **** ** *******.