The Insecure Verkada Access Control System

By Brian Rhodes, Published Jun 25, 2020, 11:33am EDT

While Verkada touts the security of its system and how its new door controller was "built from the ground up", one particularly surprising and insecure element is its dependence on Wiegand and its lack of OSDP support.


In this note, the company explains why it made that choice, and we examine how Wiegand represents a risk that most Verkada competitors have already taken steps to mitigate.

[Update June 30, 2020 - Verkada tells IPVM they now plan to support 3rd party readers via OSDP "over the next 3-4 months."]

Verkada ****** ******** *******

*******'***** ************** ***** ***** *** party ******* *** ********* via *******:


******* ** *********** *** unidirectional, ********* ** *** 1970s. **** ****** ********* now ***** *********, *** (bidirectional) *********************** ** *** ***-*****.

**** ***** *****-***** ****** platforms ******* ****. *** example, ******, *****, *** Feenics ******* ****, ** does ******* *** *******.

Points ** *** **** ***** ** *************

******* ********* ** **** saying **** ***** ** limit ******* ** ******** Wiegand ***** ** ****** use:

*****, ** ******* ******* as **** ** *** most ****** ******** **'** seen ** *** *****.

**** ***** *** ******** rates ** '******' **** as *** ******, ******* to** **** ******:

** *****'* **** *********** adoption ** **** (**** in *****:*****://****.***/*******/****-**) *** *** ******** to ******* *** ***** OSDP *** * ******** update ** *** ****** based ** ******** ******.

****** **** ***** ******** additional ******** ******** *********, and ** ******* ***** requires ******* **** **** a '******** ******', ** strongly ********* *** ******* to **** ** * priority ******.

OSDP **** ** ****-******** ******

***** ******* ****** ** low ******* **** ***, the ******** ** ****************** used **** ********** **** government *** ****-******** ********** customers.

** ********** ******* *** not ****, **** ** Verkada's ******** ********* **** not ** **** ** consider ** *** *** company's ****** ******.

Wiegand ******* ****

*******'* *******-**** ******* ******** an *********** ** ***** and **** **** *********** using ********** *** *********** snooper *******.

**** *******, *** **** between *** ****** *** controller ** *** ********* and '***-**-***-******' ************ ******* are **** ** *******.

** ******* ~$** ******,*** ******, ************ ***** ***** 60 *******, *** ** done **** *** ******/********* side ** *** ****, and ** ************ ** the ****** *** ****** managers.


*** *********** ******* **** can **** ** **** to ****** ********* ****** of ***** ***** ** to ****** ****** ********** data ***** **** ******, bypassing ******* ********.

*** ***** ***** ***** how ***** ******** *** typically *********:

******* ******** *** **** and *********** ** ***, with **** **************** ~$** - $** online.

Verkada's **** ******* ** ******* ****** *******

****$** ******* ******* ****** in ******* ****, *** ******* *** ample ********* ** ******* OSDP ******* ** *** access ****.

***** *** '***-***' ********** design ** *** * private-labeled *******, *** ******* has ******* ******* *********** and ******* *********** ** the *******, *** ** OSDP ******* ********* * lack ** ****** ***********, not * ******* ** constrained *********.

Fundamentally, ******* ** * ************* ****

******* ******** *** ******** of ***** *********, ******* it '*******-******** ** **** **** data ****** *** ****'.

****** ** *** *******'* '************* **********' *****, ******* ***** their ********** ** ********, claiming * ******** ** 'Removing ******** ***************'. *******, omitting **** ******* ****** customers **** * **** documented *** ******** *************.

Verkada, *** ****

** ******* ** ** truly ********* ** ************* as **** *****, *** company ****** *********** **** Wiegand *** *** **** support.

UPDATE, ******* ** *** **** *** ***** *******

***, ******* **** **** "expect ** **** *** support *** *** ***** OSDP ******* **** *** next *-* ******." **** also ****** **** ******* on ***** **** ********, copied *****:

OSDP *******: We have built the hardware to support OSDP (we have a 4-wire input next to the 6-wire input for Wiegand, designed for OSDP readers). To be clear about what we support initially, we informed you and our partners that we do not support OSDP in the first version of the product. We have always planned to launch OSDP for all devices (third party devices and a potential Verkada reader) in the near future.

** *** **** **** of **** - *** the **** ****** ** the ******** ***** ** easy *** ********** ** use. ** **** ***** in **** ******* **** our *******. ** *** diagram ********** ** ****, you'll ****** * *-**** input ***** ****** *** 6-wire ***** *** *******. That ** ******** *** OSDP *******. ** *** advocates ** ***** ****** protocols, ** *** **** advocates *** * *****-***** security ****** **** ******** access ******* *** ***** for ****-**** ************ ** well.

*'* **** ***'** ***** that ******** ** *** technologies - **** ****** ones, ***** **** ******. The **** ******** ** customers **** ******** ******* infrastructure, *** ********** ***** lead **** ******* ************** as ****. ******* ** this, ** **** **** a ********* ******** ** support **** ******* *** OSDP *********. **** ** re-cabling ** ********** ***-*** readers ** ***** ****** not ** *** ****** - *** ** ***'* think **** ****** ******* folks **** ********** **** integrated ********! *** **** of *** *********, ** are **** ** **** their ******** ****** ************** more ****** *** ****** resistant. *** ******* ******* surveillance **** *** ****** and *****, ******* *** person *** ****** ******** capabilities ** *** ****** security ***** ***** *** tampering ****** *** ***** or **** * ****** of ******** *** **** identified. ** **** **** the ********** ******** ** these ****** ************* ****** as *** ******** ** the ******* ***** ****** a ******** ****** ****** would ** **** ******* and ********* ******* ******* Command.

Comments (31)

****** ** **** *** everywhere. **** ****** **** where *** *** *** one ** *****?

***** *** *** *** RFID **** ** ***************. I **** ** **** easier ** *** **** the *** ********* **** Wi-Fi *** ** **** not ******* * *******.

**** ** * ****** mistake *** * ** disappointed *** *** ********* at ***. **** *** kind ** ***** **** raised **** *** ******* capable ** ***** ******. From ************ ** *** EAC ********** ** ******* was ****** **** *** it ***** *** ****** what **** *** *** skip **** ** *** to ******?

*** ***, **** ********** is *****-***** **** ** offline ************. ********* ** employee, *** **** *** is ****** ******? **** card ** ******* ******.

************, *** **** ** any */* ***** **** a *** ** ******** on *****-***** ******. ***** intercoms, **** ******* *******, door *********, *********.

*'* ** ******* ** hear * ******** **** the ****** *** *********. Why **** *********, ** what ***** **** ********* with.

** *** ******** * Veraki ***** *** ****** to ****** *** **** a ***** **.

*** *** ** ****, Daniel. *'* ******* ** see ** **'* * disagreement **** *******, * loyal **********, ** *********.

****'** ****** *** ******** to *** *********, *** this ****** ******* ******* is... *** ** ** say ****...

****.

***...*** ** ****. **** like ** '**** ****' to **. **** ****** (US)$80 *** ?*** ******** would ***** *** **** sort ** ***** ****** in. **** ** *******, you *****'** **** ****** than ****!

**** ***** ***** ** valid *** *** *** panel **** *****'* ****** on *** *** **** the **** *** ******. If **** *** ** down **** ****** ********* just ****'* ***** ** be ******* ******* ******* they **** ** **** to *** ***** ** over **** ********** ***.

******* ***** ** **** second *****. *** ****** is ****-***** *** ************ beyond * **** ******* configuration.

***** ** *** "***** and ********" ****** :)

*** **** **** *** need ******** ** ******** as **** ** ** is ** *** **** network ******* ** *** device (********) *** *** using. * **** *** AC41 ********* ** *** office *** **** **** using ** *** ***** a ****. ***** * am **** ***** **** be **** ** ***** are ** *** ***** new *******, ************* ******* is ***** ** *** them.

******, ** #** - This ******* **** **** I ******* **** ****.

*** *** ******* ** you *** ***/****** *********** or ****** ****** ******* internet ************?

******* ******* (**** **) they *****:

********: ** *** ******* OSDP?

********: ****, ** ******* support **** *** *** own ******* **'** ** extending **** ******* *** 3rd ***** ******* **** the ****

(****** *****, *** *** exact **********)

*** '*' ** **** stands *** '****', ***** means ** ** ************* and *** *********** ** just ******* *******.

** *** (*** **********) Verkada ****** **** *** OSDP, **** **** ***** the ********** **** ******* other *** ***** **** readers ** ****, ** the '********* **** *** road' ********* *********** *** claim.

** ** ***** ? Spec ***** *****’* ***. Online ******* *****’* **** UL *******.

*** ***** *** * miss. ***** ******* ********** and ***** **** ** understanding ******/******** ******** *** the ******.

******* ** ** **** they **** ******* ***** cameras ******* **** ********* chips *** ******* **** the **** *********** ******** on *** ******.

**** **** ** ***** in *-* ***** **** they *** ***** **** underneath ****. ** ***** is **** **** ** post-ipo ** ****.

*** ******* ******** ****** Control ******* **** **** was * ******** **** and ******* **** * Time ***** ***** *****. I ******* ***** ** minutes ***** *** **** did ** **** ***** how ***** **** ***, how **** ********* **** have *** *** **** people ****** ** *** the *******.

**** * **** **** to *** ******* **** support *** *** ****, I *** **** **** people **** ***** **** Wiegand ** ** ***** the **** ** *****-*******.

#***************

* ***** ** *** totally "**** *** *****" type ** *******. ***** frankly * *** ******* listening ** **. *******, everything ****** ***** ****** wise, ********** **** *** said *** ********, **** had * ******** ******** and ** *** *** not **** *** ****** it ***** ** **** to ** ****** **.

** *** **** * bunch ** *** ******** some ***** **** ****** and ******* ** *** the **** ***** ***** sliced ***** **** ****** they **** ******* ***** things ** ***** ***** DX8000 ***** **.....

***** * ***'* ******** with ******** ****** *** said ***** ****, ** aren't ******* ***** ****** audience.

*** ** *** ***** feel? *** ** ******** Verkada ********* ****? ** they **** **** **** OSDP **? ** **** care? **** ******, *** that's *** *** ********.

*** ****** **** ** prevent ******** ***** **** and ** ***** ********* on ** ******** ********** to ******* ** ** good *** ********** ** enterprise ********** **** * security *** *********** **********.

******* ****** **** * proprietary ***** ****** **** uses *** ******* ******** would ** * ****** pill ** *******; ********** at *** ***** ***** they *** ********. ****** out ** *** **** with ******* *** * bad ****.

**** **** **** **** the ********* *** ** use **** ********, **** have **** **** *** a **** **** ** stop ******* ***** *********** who ***** ********* * camera ** ***** **** run *** ******* ***** they *** ****** ****** and ****** ****** ******** and ***** ** ******** security ****** ** *** company, *** *** **** like ** ** ** sell, ****, ****. **** one ** ***** ***** told ** *** ****, the **** *** **** make *** ******* ** if ******* ***** *** says "*'* ***** ** purchase * ****** ** dollars *** **********, * want **** ******* ** it". ************* *** ****, they ***'* ********** **** they *** ******* *********** not **** ** *** security ********, *** ****** their *** ******* *** are *** ******* ** different *********. **** **** to **** ******** **** they *** * ******** company *** **** **** a ******** ********...............***** *** day **** **** *** the ***** **** *** security ******** ** * whole ********* ******..

**** ***'* ********** **** they *** ******* *********** not **** ** *** security ********, *** ****** their *** ******* *** are *** ******* ** different *********.

***** **** ** ********** and ***'* **** ******* they *** ***** ****** money. ***** *** ***** whole ******* ** ****'** different **** *** "***********" members ** *** ******** industry, ***** *** **** confusing *** ****** *** haven't **** ***** ** it. **** *** **** non ******** ****** *** being *** ** ****** of ********. ****** ** people. *** ** ***** and ******** ***** ****** be ****** *****, *** they *** ** ****** different. ** **** ************, trying ** ** *** same *****, **** ** different ******* ** *** business. *** ** **** far **** **** *****, even ***********.

*'** ****** **** ******* as **** ******* ** company. ********* ** ****** seem ** ****, ** evident ** *** **** they ******** ** **** sales *** *****. ** people ***'* ****** ***** physical. **** ****** ***** threat *** ** ******* by * ******** ****, or **** ************. * am ************ * ***, but * ** ****** not **** *** ***. The ****** ** ** people *'** **** ** my *** **** ****** prop ***** ****, *** people **** ***** ******* thinking, **** ***** *** critical ************** ***** (**** centers/rooms).

******** **** ***** ** be ******* *******, *** I'm *** *** ** say **** ****'* ** blame, *** * ***'* think *** ***** ****** land ****** ** ****. We ** *** ******** industry **** ***** ***** the ******** ** ******* for * **** ****. But ** **** ***** continue ** **** **.

** **** ****** ** tell ********* ** *** better **** ******* ******* we *** ****, *** yet ****'* ****** **** we ***'*. ** ** we **** ******* ** get ******, ***** ** need ** *** ****** first. ******* ******. ******* customers ******* *** **** get * **** *** of ** ** ***. Read *** ******* **** t ** ******, **** of ****** *** **** suggest **, *** **** put ** ******* ** customers ***'* **** ** pay *** ***** *** OSDP. ** ** ***'** already ***** **** **** your *** *********, *** would ******* ** *** different?

* *** ****** ****-******* when **** ***** ****** up. ***** ****** *** a **** ***, *** starting ** *** * lot ** ********* **** people ******* **** ***. Maybe * *** ** jealousy, * ***'* ****.

*** ******** ******** ***** slamming ** ***** ***** have * *** **** credibility ** **** ** percent ** ******* ** the ***** **** * simple ****** ****** ** mitigate *** *** ******. I ***** *** ****** will ** **** ******** to *** ******. ****** to *** *****. ******** down-time ******* ** *** reader ** ******* ** the **** **********.

***

* ******** *****. *** simple **** ** **** if *** ****** ***** the ******** ** *** reader, **** *** ******* point (*****) **** **** typically ** ** *** reader. ** **** ** so **** **** **** the ****** *** *** wall & *** **** direct ****** ** *** lock ***** & **** can **** *** ****.

@**** -- ***** *** plenty ** ******* **** offer ****** ***** ******* so *** ***** ** not ** *** *********** reader. ****** ***** ********* is * ***** **** factor ** *** *** mount ** ****** **** from *** **** **** the ********* ****** ** very *****.

**** ***** ****, ***** are **** ***** **** call *** *********** ******, some **** *** **********. Best ** ** *** a ******** ****** **** supports **** ************ *******.

**** ** ****, ** even **** ****, ******* it ** **** ******* bit ** **** **** will ** ******* *******. I ********* **** ***** get ******* ** *** wall ****** ****** *** reader, **** **** ** pull *** *** **** etc. **** ** ******* the ****** ****** *** NOT ********* **** *** reading ****** ** *** relay ******. **** ********* just **** ** '****' command.

**** ****.. **** *** a ************ ** **** crappy *************. *** *** what **'* ***** ** current *** ******** **** have ********* ************* ** the ****** *****, ********* I ******'* **** ** secure ****** :)

**** ** *** **** of *** ******** ****? According ** ******* ** are *** "*********"!!

* ***** *** ***** that ** **** **** is **** *******'* ******** and ****** ********* ** one **** **** **********'* have *** ******* *** how ** **** **. Look ** *** *********** spend *** ***** ** is *********. **** *** targeting **** ********* ********. Verkada *****'* **** ** need **********'* ***********, **** need ********** *** **** is * *** **********. I **** ** *** it ** **** ** an ******** ** *******. They ********* **** ** a *** ********** *** are ********** **.

**** **** ******* *** mistakes *** **** **** make **** ******* **** do *** ******. ***** they **** *** *** enough ** ****** *** brand **** *** *** going ** ****** ** us "*********". *** **** would ** ****** ***** pushing *** *********** ************* partners ** *** ***** asses ** **** *** get ** ******** ** can ******* **** ** a ******* *******, ********* we **** *** ** installers *** *******...** ****** or ******.

**** ****** ****** * consulting ***. **'* * shame **** *** ********* to ***** **** **** funded ******* **** ******, means **** *** ******* adapt. **** ********* ** effectively ***** *&*.

* ****** ** '** Honda ****** **** * realized **** **** *** wave ** *** ****** to ******* **** *** American *****. * ***** it *** ** *** one ******* ****, * 3 ***** ********* ************.

*** **** **** *** '83 ****** *** * 4 ***** *** *** rest ** *******.

***'* ******* **** *** graveyard. ***** **** *** girls *** ****. ***** access ******* ************ ***** was ********** *** **** are ***** ***** *** game - ****, ********* UTC *** ********.

*****'* ***** * **** valid **** ******* *** traditional ******* **** * lot ** ********* *** hard ******* ***** *** rule *** ** *** to ************* *** ***********.
