In March, Silicon Valley start up Verkada suffered a significant breach when hackers compromised nearly 150,000 of the company’s cloud-based security cameras. Intruders were able to access camera data collected from schools, prisons, hospitals, and several companies, including Tesla and Cloudflare.
The breach gave hackers access to a massive trove of data through a ‘super admin’ account that was exposed on the internet. “In gaining access to the server, the attackers obtained credentials that allowed them to bypass our authorization system, including two-factor authorization,” Verkada said in a statement.
The ease of this intrusion highlights the lack of security processes for IoT device manufacturers. Traditionally, manufacturers have not prioritized security, with resulting consequences such as stolen data and loss of control of devices and systems. The Verkada incident is the latest in a line of attacks since 2016 that have put the lack of, and need for, IoT security front and center.
IoT Cybersecurity Improvement Act 2020
With growing popularity and implementation, IoT technology can be truly transformative and improve lives in many ways. However, it is crucial that these devices and ecosystems are secure from potential threats.
The IoT Cybersecurity Improvement Act 2020 is the first step towards that goal. In December, the US Government passed legislation to ensure that federal agencies only procure IoT devices that meet specific security requirements based on recommendations developed by the National Institute of Science and Technology (NIST).
The IoT Cybersecurity Improvements Act is expected to receive push-back in the short-term as it may slow product development and increase development costs. In the long-run, the push to standardize IoT security rules, and ultimately gain widespread adoption from IoT manufacturers, will be beneficial for all stakeholders.
To learn more about the legislation and what it means for IoT device manufacturers, view our IoT Cybersecurity Improvement Act resources.
Allegro Software, headquartered in Boxborough, Massachusetts, is a leading provider of IoT edge security and connectivity software toolkits to manufacturers worldwide. Field-proven in over 250,000,000 devices, our solutions enable OEMs in the Energy, Healthcare, Medical, Military, Enterprise, and Consumer sectors to create connected, secure devices using TLS, SSH, FIPS 140-2 and more.
Since 1996, Allegro has been on the forefront of leading the evolution of embedded device management, security, and connectivity with its patented embedded web server and security toolkits.