The Insecure Verkada Access Control System

By: Brian Rhodes, Published on Jun 25, 2020

While Verkada touts the security of its system and says its new door controller was "built from the ground up", one particularly surprising and insecure element is its dependence on Wiegand and its lack of OSDP.

Inside this note, the company answers why they made the choice and we examine how Wiegand represents a risk that most Verkada competitors have taken steps to mitigate.

[Update June 30, 2020 - Verkada tells IPVM they now plan to support 3rd party readers via OSDP "over the next 3-4 months."]

Verkada ****** ******** *******

*******'***** ************** ***** ***** *** party ******* *** ********* via *******:

******* ** *********** *** unidirectional, ********* ** *** 1970s. **** ****** ********* now ***** *********, *** (bidirectional) *********************** ** *** ***-*****.

**** ***** *****-***** ****** platforms ******* ****. *** example, ******, *****, *** Feenics ******* ****, ** does ******* *** *******.

Points ** *** **** ***** ** *************

******* ********* ** **** saying **** ***** ** limit ******* ** ******** Wiegand ***** ** ****** use:

*****, ** ******* ******* as **** ** *** most ****** ******** **'** seen ** *** *****.

**** ***** *** ******** rates ** '******' **** as *** ******, ******* to** **** ******:

** *****'* **** *********** adoption ** **** (**** in *****:*****://****.***/*******/****-**) *** *** ******** to ******* *** ***** OSDP *** * ******** update ** *** ****** based ** ******** ******.

****** **** ***** ******** additional ******** ******** *********, and ** ******* ***** requires ******* **** **** a '******** ******', ** strongly ********* *** ******* to **** ** * priority ******.

OSDP **** ** ****-******** ******

***** ******* ****** ** low ******* **** ***, the ******** ** ****************** used **** ********** **** government *** ****-******** ********** customers.

** ********** ******* *** not ****, **** ** Verkada's ******** ********* **** not ** **** ** consider ** *** *** company's ****** ******.

Wiegand ******* ****

*******'* *******-**** ******* ******** an *********** ** ***** and **** **** *********** using ********** *** *********** snooper *******.

**** *******, *** **** between *** ****** *** controller ** *** ********* and '***-**-***-******' ************ ******* are **** ** *******.

** ******* ~$** ******,*** ******, ************ ***** ***** 60 *******, *** ** done **** *** ******/********* side ** *** ****, and ** ************ ** the ****** *** ****** managers.

*** *********** ******* **** can **** ** **** to ****** ********* ****** of ***** ***** ** to ****** ****** ********** data ***** **** ******, bypassing ******* ********.

*** ***** ***** ***** how ***** ******** *** typically *********:

******* ******** *** **** and *********** ** ***, with **** **************** ~$** - $** online.

Verkada's **** ******* ** ******* ****** *******

****$** ******* ******* ****** in ******* ****, *** ******* *** ample ********* ** ******* OSDP ******* ** *** access ****.

***** *** '***-***' ********** design ** *** * private-labeled *******, *** ******* has ******* ******* *********** and ******* *********** ** the *******, *** ** OSDP ******* ********* * lack ** ****** ***********, not * ******* ** constrained *********.

Fundamentally, ******* ** * ************* ****

******* ******** *** ******** of ***** *********, ******* it '*******-******** ** **** **** data ****** *** ****'.

****** ** *** *******'* '************* **********' *****, ******* ***** their ********** ** ********, claiming * ******** ** 'Removing ******** ***************'. *******, omitting **** ******* ****** customers **** * **** documented *** ******** *************.

Verkada, *** ****

** ******* ** ** truly ********* ** ************* as **** *****, *** company ****** *********** **** Wiegand *** *** **** support.

UPDATE, ******* ** *** **** *** ***** *******

***, ******* **** **** "expect ** **** *** support *** *** ***** OSDP ******* **** *** next *-* ******." **** also ****** **** ******* on ***** **** ********, copied *****:

1. OSDP *******: We have built the hardware to support OSDP (we have a 4-wire input next to the 6-wire input for Wiegand, designed for OSDP readers). To be clear about what we support initially, we informed you and our partners that we do not support OSDP in the first version of the product. We have always planned to launch OSDP for all devices (third party devices and a potential Verkada reader) in the near future.

** *** **** **** of **** - *** the **** ****** ** the ******** ***** ** easy *** ********** ** use. ** **** ***** in **** ******* **** our *******. ** *** diagram ********** ** ****, you'll ****** * *-**** input ***** ****** *** 6-wire ***** *** *******. That ** ******** *** OSDP *******. ** *** advocates ** ***** ****** protocols, ** *** **** advocates *** * *****-***** security ****** **** ******** access ******* *** ***** for ****-**** ************ ** well.

*'* **** ***'** ***** that ******** ** *** technologies - **** ****** ones, ***** **** ******. The **** ******** ** customers **** ******** ******* infrastructure, *** ********** ***** lead **** ******* ************** as ****. ******* ** this, ** **** **** a ********* ******** ** support **** ******* *** OSDP *********. **** ** re-cabling ** ********** ***-*** readers ** ***** ****** not ** *** ****** - *** ** ***'* think **** ****** ******* folks **** ********** **** integrated ********! *** **** of *** *********, ** are **** ** **** their ******** ****** ************** more ****** *** ****** resistant. *** ******* ******* surveillance **** *** ****** and *****, ******* *** person *** ****** ******** capabilities ** *** ****** security ***** ***** *** tampering ****** *** ***** or **** * ****** of ******** *** **** identified. ** **** **** the ********** ******** ** these ****** ************* ****** as *** ******** ** the ******* ***** ****** a ******** ****** ****** would ** **** ******* and ********* ******* ******* Command.

Comments (29)

****** ** **** *** everywhere. **** ****** **** where *** *** *** one ** *****?

***** *** *** *** RFID **** ** ***************. I **** ** **** easier ** *** **** the *** ********* **** Wi-Fi *** ** **** not ******* * *******.

**** ** * ****** mistake *** * ** disappointed *** *** ********* at ***. **** *** kind ** ***** **** raised **** *** ******* capable ** ***** ******. From ************ ** *** EAC ********** ** ******* was ****** **** *** it ***** *** ****** what **** *** *** skip **** ** *** to ******?

*** ***, **** ********** is *****-***** **** ** offline ************. ********* ** employee, *** **** *** is ****** ******? **** card ** ******* ******.

************, *** **** ** any */* ***** **** a *** ** ******** on *****-***** ******. ***** intercoms, **** ******* *******, door *********, *********.

*'* ** ******* ** hear * ******** **** the ****** *** *********. Why **** *********, ** what ***** **** ********* with.

** *** ******** * Veraki ***** *** ****** to ****** *** **** a ***** **.

*** *** ** ****, Daniel. *'* ******* ** see ** **'* * disagreement **** *******, * loyal **********, ** *********.

****'** ****** *** ******** to *** *********, *** this ****** ******* ******* is... *** ** ** say ****...

****.

***...*** ** ****. **** like ** '**** ****' to **. **** ****** (US)$80 *** ?*** ******** would ***** *** **** sort ** ***** ****** in. **** ** *******, you *****'** **** ****** than ****!

**** ***** ***** ** valid *** *** *** panel **** *****'* ****** on *** *** **** the **** *** ******. If **** *** ** down **** ****** ********* just ****'* ***** ** be ******* ******* ******* they **** ** **** to *** ***** ** over **** ********** ***.

******* ***** ** **** second *****. *** ****** is ****-***** *** ************ beyond * **** ******* configuration.

***** ** *** "***** and ********" ****** :)

*** **** **** *** need ******** ** ******** as **** ** ** is ** *** **** network ******* ** *** device (********) *** *** using. * **** *** AC41 ********* ** *** office *** **** **** using ** *** ***** a ****. ***** * am **** ***** **** be **** ** ***** are ** *** ***** new *******, ************* ******* is ***** ** *** them.

******, ** #** - This ******* **** **** I ******* **** ****.

*** *** ******* ** you *** ***/****** *********** or ****** ****** ******* internet ************?

******* ******* (**** **) they *****:

********: ** *** ******* OSDP?

********: ****, ** ******* support **** *** *** own ******* **'** ** extending **** ******* *** 3rd ***** ******* **** the ****

(****** *****, *** *** exact **********)

*** '*' ** **** stands *** '****', ***** means ** ** ************* and *** *********** ** just ******* *******.

** *** (*** **********) Verkada ****** **** *** OSDP, **** **** ***** the ********** **** ******* other *** ***** **** readers ** ****, ** the '********* **** *** road' ********* *********** *** claim.

** ** ***** ? Spec ***** *****’* ***. Online ******* *****’* **** UL *******.

*** ***** *** * miss. ***** ******* ********** and ***** **** ** understanding ******/******** ******** *** the ******.

******* ** ** **** they **** ******* ***** cameras ******* **** ********* chips *** ******* **** the **** *********** ******** on *** ******.

**** **** ** ***** in *-* ***** **** they *** ***** **** underneath ****. ** ***** is **** **** ** post-ipo ** ****.

*** ******* ******** ****** Control ******* **** **** was * ******** **** and ******* **** * Time ***** ***** *****. I ******* ***** ** minutes ***** *** **** did ** **** ***** how ***** **** ***, how **** ********* **** have *** *** **** people ****** ** *** the *******.

**** * **** **** to *** ******* **** support *** *** ****, I *** **** **** people **** ***** **** Wiegand ** ** ***** the **** ** *****-*******.

#***************

* ***** ** *** totally "**** *** *****" type ** *******. ***** frankly * *** ******* listening ** **. *******, everything ****** ***** ****** wise, ********** **** *** said *** ********, **** had * ******** ******** and ** *** *** not **** *** ****** it ***** ** **** to ** ****** **.

** *** **** * bunch ** *** ******** some ***** **** ****** and ******* ** *** the **** ***** ***** sliced ***** **** ****** they **** ******* ***** things ** ***** ***** DX8000 ***** **.....

***** * ***'* ******** with ******** ****** *** said ***** ****, ** aren't ******* ***** ****** audience.

*** ** *** ***** feel? *** ** ******** Verkada ********* ****? ** they **** **** **** OSDP **? ** **** care? **** ******, *** that's *** *** ********.

*** ****** **** ** prevent ******** ***** **** and ** ***** ********* on ** ******** ********** to ******* ** ** good *** ********** ** enterprise ********** **** * security *** *********** **********.

******* ****** **** * proprietary ***** ****** **** uses *** ******* ******** would ** * ****** pill ** *******; ********** at *** ***** ***** they *** ********. ****** out ** *** **** with ******* *** * bad ****.

**** **** **** **** the ********* *** ** use **** ********, **** have **** **** *** a **** **** ** stop ******* ***** *********** who ***** ********* * camera ** ***** **** run *** ******* ***** they *** ****** ****** and ****** ****** ******** and ***** ** ******** security ****** ** *** company, *** *** **** like ** ** ** sell, ****, ****. **** one ** ***** ***** told ** *** ****, the **** *** **** make *** ******* ** if ******* ***** *** says "*'* ***** ** purchase * ****** ** dollars *** **********, * want **** ******* ** it". ************* *** ****, they ***'* ********** **** they *** ******* *********** not **** ** *** security ********, *** ****** their *** ******* *** are *** ******* ** different *********. **** **** to **** ******** **** they *** * ******** company *** **** **** a ******** ********...............***** *** day **** **** *** the ***** **** *** security ******** ** * whole ********* ******..

**** ***'* ********** **** they *** ******* *********** not **** ** *** security ********, *** ****** their *** ******* *** are *** ******* ** different *********.

***** **** ** ********** and ***'* **** ******* they *** ***** ****** money. ***** *** ***** whole ******* ** ****'** different **** *** "***********" members ** *** ******** industry, ***** *** **** confusing *** ****** *** haven't **** ***** ** it. **** *** **** non ******** ****** *** being *** ** ****** of ********. ****** ** people. *** ** ***** and ******** ***** ****** be ****** *****, *** they *** ** ****** different. ** **** ************, trying ** ** *** same *****, **** ** different ******* ** *** business. *** ** **** far **** **** *****, even ***********.

*'** ****** **** ******* as **** ******* ** company. ********* ** ****** seem ** ****, ** evident ** *** **** they ******** ** **** sales *** *****. ** people ***'* ****** ***** physical. **** ****** ***** threat *** ** ******* by * ******** ****, or **** ************. * am ************ * ***, but * ** ****** not **** *** ***. The ****** ** ** people *'** **** ** my *** **** ****** prop ***** ****, *** people **** ***** ******* thinking, **** ***** *** critical ************** ***** (**** centers/rooms).

******** **** ***** ** be ******* *******, *** I'm *** *** ** say **** ****'* ** blame, *** * ***'* think *** ***** ****** land ****** ** ****. We ** *** ******** industry **** ***** ***** the ******** ** ******* for * **** ****. But ** **** ***** continue ** **** **.

** **** ****** ** tell ********* ** *** better **** ******* ******* we *** ****, *** yet ****'* ****** **** we ***'*. ** ** we **** ******* ** get ******, ***** ** need ** *** ****** first. ******* ******. ******* customers ******* *** **** get * **** *** of ** ** ***. Read *** ******* **** t ** ******, **** of ****** *** **** suggest **, *** **** put ** ******* ** customers ***'* **** ** pay *** ***** *** OSDP. ** ** ***'** already ***** **** **** your *** *********, *** would ******* ** *** different?

* *** ****** ****-******* when **** ***** ****** up. ***** ****** *** a **** ***, *** starting ** *** * lot ** ********* **** people ******* **** ***. Maybe * *** ** jealousy, * ***'* ****.

*** ******** ******** ***** slamming ** ***** ***** have * *** **** credibility ** **** ** percent ** ******* ** the ***** **** * simple ****** ****** ** mitigate *** *** ******. I ***** *** ****** will ** **** ******** to *** ******. ****** to *** *****. ******** down-time ******* ** *** reader ** ******* ** the **** **********.

***

* ******** *****. *** simple **** ** **** if *** ****** ***** the ******** ** *** reader, **** *** ******* point (*****) **** **** typically ** ** *** reader. ** **** ** so **** **** **** the ****** *** *** wall & *** **** direct ****** ** *** lock ***** & **** can **** *** ****.

@**** -- ***** *** plenty ** ******* **** offer ****** ***** ******* so *** ***** ** not ** *** *********** reader. ****** ***** ********* is * ***** **** factor ** *** *** mount ** ****** **** from *** **** **** the ********* ****** ** very *****.

**** ***** ****, ***** are **** ***** **** call *** *********** ******, some **** *** **********. Best ** ** *** a ******** ****** **** supports **** ************ *******.

**** ** ****, ** even **** ****, ******* it ** **** ******* bit ** **** **** will ** ******* *******. I ********* **** ***** get ******* ** *** wall ****** ****** *** reader, **** **** ** pull *** *** **** etc. **** ** ******* the ****** ****** *** NOT ********* **** *** reading ****** ** *** relay ******. **** ********* just **** ** '****' command.

**** ****.. **** *** a ************ ** **** crappy *************. *** *** what **'* ***** ** current *** ******** **** have ********* ************* ** the ****** *****, ********* I ******'* **** ** secure ****** :)

**** ** *** **** of *** ******** ****? According ** ******* ** are *** "*********"!!

* ***** *** ***** that ** **** **** is **** *******'* ******** and ****** ********* ** one **** **** **********'* have *** ******* *** how ** **** **. Look ** *** *********** spend *** ***** ** is *********. **** *** targeting **** ********* ********. Verkada *****'* **** ** need **********'* ***********, **** need ********** *** **** is * *** **********. I **** ** *** it ** **** ** an ******** ** *******. They ********* **** ** a *** ********** *** are ********** **.

**** **** ******* *** mistakes *** **** **** make **** ******* **** do *** ******. ***** they **** *** *** enough ** ****** *** brand **** *** *** going ** ****** ** us "*********". *** **** would ** ****** ***** pushing *** *********** ************* partners ** *** ***** asses ** **** *** get ** ******** ** can ******* **** ** a ******* *******, ********* we **** *** ** installers *** *******...** ****** or ******.
