150,000 security cameras are hacked exposing jails, hospitals, and well-known firms

Graham CLULEY

March 11, 2021

A hacking group has gained access to the feeds of 150,000 surveillance cameras used inside businesses, schools, police departments, hospitals, and well-known companies.

The security breach, which was first reported by Bloomberg, resulted in hackers being able to view live feeds of cameras managed by Verkada, a cloud-based startup which brags about using cameras to identify risks and help people and locations stay safe and secure.

A reporter at Bloomberg is said to have watched footage of staff at a Florida hospital tackling a man and pinning him to a bed, and in another video watched a handcuffed man being questioned by officers at a police station in Stoughton, Massachusetts.

As well as being able to access video and image data from the security cameras of Verkada’s customers, the hackers are also said to have accessed:

  • A list of client account administrators, including names and email addresses
  • A list of Verkada sales orders

Verkada says that it has seen no evidence that the hackers were able to access users’ passwords or password hashes, or the company’s internal network, financial systems, or other business systems.

In the wake of the attack, Twitter suspended the @nyancrimew account of Tillie Kottmann, a member of a hacking collective dubbed “APT 69420 Arson Cats,” who had claimed that they “had root shells inside the corporate networks of both CloudFlare and Okta”, boasting that if they wanted to they “could have probably owned half the internet in like a week.”

Switzerland-based Kottmann claimed that the hack had been achieved after Verkada left an internal development system exposed to the internet. From that, hackers were able to obtain login credentials for an account that had admin rights on Verkada’s network.

Technology firms which are confirmed to have been affected by the security camera breach include Tesla, Cloudflare, identity and access management company Okta, and – of course – Verkada itself.

As Reuters reports, Tesla confirmed that one of its suppliers’ production sites in China had been caught up in the attack, but that neither its factory in Shanghai nor showrooms were affected.

The electric vehicle company says that cameras at the supplier’s company are either no longer operational, or have been disconnected from the internet.

In an update posted on its website, Verkada said that it had identified the attack vector used by the hackers and had secured it by “approximately noon PST on March 9, 2021”.

The high-profile security breach is clearly embarrassing for Verkada, which brags on its website about how its cameras “prioritise people’s privacy.”

According to the firm, customers do not need to take any further action to secure themselves.

Of course, some affected customers may wish to reconsider whether the benefits of using cloud-based security cameras from Verkada are worth the risk.

Certainly I would be wondering why it’s possible for Verkada employees to access customers’ video feeds without the explicit approval of the customers themselves. If that wasn’t possible then surely the hackers wouldn’t have been able to view the feeds either?

Readers may recall that Verkada made the headlines in October last year after it was found that some of the firm’s staff had used the company’s cameras and facial recognition technology to take and share images of female co-workers.
