The Insecure Verkada Access Control System

By: Brian Rhodes, Published on Jun 25, 2020

While Verkada touts the security of its system and how its new door controller was "built from the ground up", one particularly surprising and insecure element is its dependence on Wiegand and lack of OSDP.

Inside this note, the company answers why they made the choice and we examine how Wiegand represents a risk that most Verkada competitors have taken steps to mitigate.

[Update June 30, 2020 - Verkada tells IPVM they now plan to support 3rd party readers via OSDP "over the next 3-4 months."]

Verkada ****** ******** *******

*******'***** ************** ***** ***** *** party ******* *** ********* via *******:

******* ** *********** *** unidirectional, ********* ** *** 1970s. **** ****** ********* now ***** *********, *** (bidirectional) *********************** ** *** ***-*****.

**** ***** *****-***** ****** platforms ******* ****. *** example, ******, *****, *** Feenics ******* ****, ** does ******* *** *******.

Points ** *** **** ***** ** *************

******* ********* ** **** saying **** ***** ** limit ******* ** ******** Wiegand ***** ** ****** use:

*****, ** ******* ******* as **** ** *** most ****** ******** **'** seen ** *** *****.

**** ***** *** ******** rates ** '******' **** as *** ******, ******* to** **** ******:

** *****'* **** *********** adoption ** **** (**** in *****:*****://****.***/*******/****-**) *** *** ******** to ******* *** ***** OSDP *** * ******** update ** *** ****** based ** ******** ******.

****** **** ***** ******** additional ******** ******** *********, and ** ******* ***** requires ******* **** **** a '******** ******', ** strongly ********* *** ******* to **** ** * priority ******.

OSDP **** ** ****-******** ******

***** ******* ****** ** low ******* **** ***, the ******** ** ****************** used **** ********** **** government *** ****-******** ********** customers.

** ********** ******* *** not ****, **** ** Verkada's ******** ********* **** not ** **** ** consider ** *** *** company's ****** ******.

Wiegand ******* ****

*******'* *******-**** ******* ******** an *********** ** ***** and **** **** *********** using ********** *** *********** snooper *******.

**** *******, *** **** between *** ****** *** controller ** *** ********* and '***-**-***-******' ************ ******* are **** ** *******.

** ******* ~$** ******,*** ******, ************ ***** ***** 60 *******, *** ** done **** *** ******/********* side ** *** ****, and ** ************ ** the ****** *** ****** managers.

*** *********** ******* **** can **** ** **** to ****** ********* ****** of ***** ***** ** to ****** ****** ********** data ***** **** ******, bypassing ******* ********.

*** ***** ***** ***** how ***** ******** *** typically *********:

******* ******** *** **** and *********** ** ***, with **** **************** ~$** - $** online.

Verkada's **** ******* ** ******* ****** *******

****$** ******* ******* ****** in ******* ****, *** ******* *** ample ********* ** ******* OSDP ******* ** *** access ****.

***** *** '***-***' ********** design ** *** * private-labeled *******, *** ******* has ******* ******* *********** and ******* *********** ** the *******, *** ** OSDP ******* ********* * lack ** ****** ***********, not * ******* ** constrained *********.

Fundamentally, ******* ** * ************* ****

******* ******** *** ******** of ***** *********, ******* it '*******-******** ** **** **** data ****** *** ****'.

****** ** *** *******'* '************* **********' *****, ******* ***** their ********** ** ********, claiming * ******** ** 'Removing ******** ***************'. *******, omitting **** ******* ****** customers **** * **** documented *** ******** *************.

Verkada, *** ****

** ******* ** ** truly ********* ** ************* as **** *****, *** company ****** *********** **** Wiegand *** *** **** support.

UPDATE, ******* ** *** **** *** ***** *******

***, ******* **** **** "expect ** **** *** support *** *** ***** OSDP ******* **** *** next *-* ******." **** also ****** **** ******* on ***** **** ********, copied *****:

1. OSDP *******: We have built the hardware to support OSDP (we have a 4-wire input next to the 6-wire input for Wiegand, designed for OSDP readers). To be clear about what we support initially, we informed you and our partners that we do not support OSDP in the first version of the product. We have always planned to launch OSDP for all devices (third party devices and a potential Verkada reader) in the near future.

** *** **** **** of **** - *** the **** ****** ** the ******** ***** ** easy *** ********** ** use. ** **** ***** in **** ******* **** our *******. ** *** diagram ********** ** ****, you'll ****** * *-**** input ***** ****** *** 6-wire ***** *** *******. That ** ******** *** OSDP *******. ** *** advocates ** ***** ****** protocols, ** *** **** advocates *** * *****-***** security ****** **** ******** access ******* *** ***** for ****-**** ************ ** well.

*'* **** ***'** ***** that ******** ** *** technologies - **** ****** ones, ***** **** ******. The **** ******** ** customers **** ******** ******* infrastructure, *** ********** ***** lead **** ******* ************** as ****. ******* ** this, ** **** **** a ********* ******** ** support **** ******* *** OSDP *********. **** ** re-cabling ** ********** ***-*** readers ** ***** ****** not ** *** ****** - *** ** ***'* think **** ****** ******* folks **** ********** **** integrated ********! *** **** of *** *********, ** are **** ** **** their ******** ****** ************** more ****** *** ****** resistant. *** ******* ******* surveillance **** *** ****** and *****, ******* *** person *** ****** ******** capabilities ** *** ****** security ***** ***** *** tampering ****** *** ***** or **** * ****** of ******** *** **** identified. ** **** **** the ********** ******** ** these ****** ************* ****** as *** ******** ** the ******* ***** ****** a ******** ****** ****** would ** **** ******* and ********* ******* ******* Command.

Comments (31)

****** ** **** *** everywhere. **** ****** **** where *** *** *** one ** *****?

***** *** *** *** RFID **** ** ***************. I **** ** **** easier ** *** **** the *** ********* **** Wi-Fi *** ** **** not ******* * *******.

**** ** * ****** mistake *** * ** disappointed *** *** ********* at ***. **** *** kind ** ***** **** raised **** *** ******* capable ** ***** ******. From ************ ** *** EAC ********** ** ******* was ****** **** *** it ***** *** ****** what **** *** *** skip **** ** *** to ******?

*** ***, **** ********** is *****-***** **** ** offline ************. ********* ** employee, *** **** *** is ****** ******? **** card ** ******* ******.

************, *** **** ** any */* ***** **** a *** ** ******** on *****-***** ******. ***** intercoms, **** ******* *******, door *********, *********.

*'* ** ******* ** hear * ******** **** the ****** *** *********. Why **** *********, ** what ***** **** ********* with.

** *** ******** * Veraki ***** *** ****** to ****** *** **** a ***** **.

*** *** ** ****, Daniel. *'* ******* ** see ** **'* * disagreement **** *******, * loyal **********, ** *********.

****'** ****** *** ******** to *** *********, *** this ****** ******* ******* is... *** ** ** say ****...

****.

***...*** ** ****. **** like ** '**** ****' to **. **** ****** (US)$80 *** ?*** ******** would ***** *** **** sort ** ***** ****** in. **** ** *******, you *****'** **** ****** than ****!

**** ***** ***** ** valid *** *** *** panel **** *****'* ****** on *** *** **** the **** *** ******. If **** *** ** down **** ****** ********* just ****'* ***** ** be ******* ******* ******* they **** ** **** to *** ***** ** over **** ********** ***.

******* ***** ** **** second *****. *** ****** is ****-***** *** ************ beyond * **** ******* configuration.

***** ** *** "***** and ********" ****** :)

*** **** **** *** need ******** ** ******** as **** ** ** is ** *** **** network ******* ** *** device (********) *** *** using. * **** *** AC41 ********* ** *** office *** **** **** using ** *** ***** a ****. ***** * am **** ***** **** be **** ** ***** are ** *** ***** new *******, ************* ******* is ***** ** *** them.

******, ** #** - This ******* **** **** I ******* **** ****.

*** *** ******* ** you *** ***/****** *********** or ****** ****** ******* internet ************?

******* ******* (**** **) they *****:

********: ** *** ******* OSDP?

********: ****, ** ******* support **** *** *** own ******* **'** ** extending **** ******* *** 3rd ***** ******* **** the ****

(****** *****, *** *** exact **********)

*** '*' ** **** stands *** '****', ***** means ** ** ************* and *** *********** ** just ******* *******.

** *** (*** **********) Verkada ****** **** *** OSDP, **** **** ***** the ********** **** ******* other *** ***** **** readers ** ****, ** the '********* **** *** road' ********* *********** *** claim.

** ** ***** ? Spec ***** *****’* ***. Online ******* *****’* **** UL *******.

*** ***** *** * miss. ***** ******* ********** and ***** **** ** understanding ******/******** ******** *** the ******.

******* ** ** **** they **** ******* ***** cameras ******* **** ********* chips *** ******* **** the **** *********** ******** on *** ******.

**** **** ** ***** in *-* ***** **** they *** ***** **** underneath ****. ** ***** is **** **** ** post-ipo ** ****.

*** ******* ******** ****** Control ******* **** **** was * ******** **** and ******* **** * Time ***** ***** *****. I ******* ***** ** minutes ***** *** **** did ** **** ***** how ***** **** ***, how **** ********* **** have *** *** **** people ****** ** *** the *******.

**** * **** **** to *** ******* **** support *** *** ****, I *** **** **** people **** ***** **** Wiegand ** ** ***** the **** ** *****-*******.

#***************

* ***** ** *** totally "**** *** *****" type ** *******. ***** frankly * *** ******* listening ** **. *******, everything ****** ***** ****** wise, ********** **** *** said *** ********, **** had * ******** ******** and ** *** *** not **** *** ****** it ***** ** **** to ** ****** **.

** *** **** * bunch ** *** ******** some ***** **** ****** and ******* ** *** the **** ***** ***** sliced ***** **** ****** they **** ******* ***** things ** ***** ***** DX8000 ***** **.....

***** * ***'* ******** with ******** ****** *** said ***** ****, ** aren't ******* ***** ****** audience.

*** ** *** ***** feel? *** ** ******** Verkada ********* ****? ** they **** **** **** OSDP **? ** **** care? **** ******, *** that's *** *** ********.

*** ****** **** ** prevent ******** ***** **** and ** ***** ********* on ** ******** ********** to ******* ** ** good *** ********** ** enterprise ********** **** * security *** *********** **********.

******* ****** **** * proprietary ***** ****** **** uses *** ******* ******** would ** * ****** pill ** *******; ********** at *** ***** ***** they *** ********. ****** out ** *** **** with ******* *** * bad ****.

**** **** **** **** the ********* *** ** use **** ********, **** have **** **** *** a **** **** ** stop ******* ***** *********** who ***** ********* * camera ** ***** **** run *** ******* ***** they *** ****** ****** and ****** ****** ******** and ***** ** ******** security ****** ** *** company, *** *** **** like ** ** ** sell, ****, ****. **** one ** ***** ***** told ** *** ****, the **** *** **** make *** ******* ** if ******* ***** *** says "*'* ***** ** purchase * ****** ** dollars *** **********, * want **** ******* ** it". ************* *** ****, they ***'* ********** **** they *** ******* *********** not **** ** *** security ********, *** ****** their *** ******* *** are *** ******* ** different *********. **** **** to **** ******** **** they *** * ******** company *** **** **** a ******** ********...............***** *** day **** **** *** the ***** **** *** security ******** ** * whole ********* ******..

**** ***'* ********** **** they *** ******* *********** not **** ** *** security ********, *** ****** their *** ******* *** are *** ******* ** different *********.

***** **** ** ********** and ***'* **** ******* they *** ***** ****** money. ***** *** ***** whole ******* ** ****'** different **** *** "***********" members ** *** ******** industry, ***** *** **** confusing *** ****** *** haven't **** ***** ** it. **** *** **** non ******** ****** *** being *** ** ****** of ********. ****** ** people. *** ** ***** and ******** ***** ****** be ****** *****, *** they *** ** ****** different. ** **** ************, trying ** ** *** same *****, **** ** different ******* ** *** business. *** ** **** far **** **** *****, even ***********.

*'** ****** **** ******* as **** ******* ** company. ********* ** ****** seem ** ****, ** evident ** *** **** they ******** ** **** sales *** *****. ** people ***'* ****** ***** physical. **** ****** ***** threat *** ** ******* by * ******** ****, or **** ************. * am ************ * ***, but * ** ****** not **** *** ***. The ****** ** ** people *'** **** ** my *** **** ****** prop ***** ****, *** people **** ***** ******* thinking, **** ***** *** critical ************** ***** (**** centers/rooms).

******** **** ***** ** be ******* *******, *** I'm *** *** ** say **** ****'* ** blame, *** * ***'* think *** ***** ****** land ****** ** ****. We ** *** ******** industry **** ***** ***** the ******** ** ******* for * **** ****. But ** **** ***** continue ** **** **.

** **** ****** ** tell ********* ** *** better **** ******* ******* we *** ****, *** yet ****'* ****** **** we ***'*. ** ** we **** ******* ** get ******, ***** ** need ** *** ****** first. ******* ******. ******* customers ******* *** **** get * **** *** of ** ** ***. Read *** ******* **** t ** ******, **** of ****** *** **** suggest **, *** **** put ** ******* ** customers ***'* **** ** pay *** ***** *** OSDP. ** ** ***'** already ***** **** **** your *** *********, *** would ******* ** *** different?

* *** ****** ****-******* when **** ***** ****** up. ***** ****** *** a **** ***, *** starting ** *** * lot ** ********* **** people ******* **** ***. Maybe * *** ** jealousy, * ***'* ****.

*** ******** ******** ***** slamming ** ***** ***** have * *** **** credibility ** **** ** percent ** ******* ** the ***** **** * simple ****** ****** ** mitigate *** *** ******. I ***** *** ****** will ** **** ******** to *** ******. ****** to *** *****. ******** down-time ******* ** *** reader ** ******* ** the **** **********.

***

* ******** *****. *** simple **** ** **** if *** ****** ***** the ******** ** *** reader, **** *** ******* point (*****) **** **** typically ** ** *** reader. ** **** ** so **** **** **** the ****** *** *** wall & *** **** direct ****** ** *** lock ***** & **** can **** *** ****.

@**** -- ***** *** plenty ** ******* **** offer ****** ***** ******* so *** ***** ** not ** *** *********** reader. ****** ***** ********* is * ***** **** factor ** *** *** mount ** ****** **** from *** **** **** the ********* ****** ** very *****.

**** ***** ****, ***** are **** ***** **** call *** *********** ******, some **** *** **********. Best ** ** *** a ******** ****** **** supports **** ************ *******.

**** ** ****, ** even **** ****, ******* it ** **** ******* bit ** **** **** will ** ******* *******. I ********* **** ***** get ******* ** *** wall ****** ****** *** reader, **** **** ** pull *** *** **** etc. **** ** ******* the ****** ****** *** NOT ********* **** *** reading ****** ** *** relay ******. **** ********* just **** ** '****' command.

**** ****.. **** *** a ************ ** **** crappy *************. *** *** what **'* ***** ** current *** ******** **** have ********* ************* ** the ****** *****, ********* I ******'* **** ** secure ****** :)

**** ** *** **** of *** ******** ****? According ** ******* ** are *** "*********"!!

* ***** *** ***** that ** **** **** is **** *******'* ******** and ****** ********* ** one **** **** **********'* have *** ******* *** how ** **** **. Look ** *** *********** spend *** ***** ** is *********. **** *** targeting **** ********* ********. Verkada *****'* **** ** need **********'* ***********, **** need ********** *** **** is * *** **********. I **** ** *** it ** **** ** an ******** ** *******. They ********* **** ** a *** ********** *** are ********** **.

**** **** ******* *** mistakes *** **** **** make **** ******* **** do *** ******. ***** they **** *** *** enough ** ****** *** brand **** *** *** going ** ****** ** us "*********". *** **** would ** ****** ***** pushing *** *********** ************* partners ** *** ***** asses ** **** *** get ** ******** ** can ******* **** ** a ******* *******, ********* we **** *** ** installers *** *******...** ****** or ******.

**** ****** ****** * consulting ***. **'* * shame **** *** ********* to ***** **** **** funded ******* **** ******, means **** *** ******* adapt. **** ********* ** effectively ***** *&*.

* ****** ** '** Honda ****** **** * realized **** **** *** wave ** *** ****** to ******* **** *** American *****. * ***** it *** ** *** one ******* ****, * 3 ***** ********* ************.

*** **** **** *** '83 ****** *** * 4 ***** *** *** rest ** *******.

***'* ******* **** *** graveyard. ***** **** *** girls *** ****. ***** access ******* ************ ***** was ********** *** **** are ***** ***** *** game - ****, ********* UTC *** ********.

*****'* ***** * **** valid **** ******* *** traditional ******* **** * lot ** ********* *** hard ******* ***** *** rule *** ** *** to ************* *** ***********.
