150,000 security cameras are hacked exposing jails, hospitals, and well-known firms

Graham CLULEY

March 11, 2021


A hacking group has gained access to the feeds of 150,000 surveillance cameras used inside businesses, schools, police departments, hospitals, and well-known companies.

The security breach, which was first reported by Bloomberg, resulted in hackers being able to view live feeds of cameras managed by Verkada, a cloud-based startup which brags about using cameras to identify risks and help people and locations stay safe and secure.

A reporter at Bloomberg is said to have watched footage of staff at a Florida hospital tackling a man and pinning him to a bed, and in another video watched a handcuffed man being questioned by officers at a police station in Stoughton, Massachusetts.

As well as being able to access video and image data from the security cameras of Verkada’s customers, the hackers are also said to have accessed:

  • A list of client account administrators, including names and email addresses
  • A list of Verkada sales orders.

Verkada says that it has seen no evidence that the hackers were able to access users’ passwords or password hashes, or the company’s internal network, financial systems, or other business systems.

In the wake of the attack, Twitter suspended the @nyancrimew account of Tillie Kottmann, a member of a hacking collective dubbed “APT 69420 Arson Cats,” who had claimed that they “had root shells inside the corporate networks of both CloudFlare and Okta”, boasting that if they wanted to they “could have probably owned half the internet in like a week.”

Switzerland-based Kottmann claimed that the hack had been achieved after Verkada left an internal development system exposed to the internet. From that, hackers were able to obtain login credentials for an account that had admin rights on Verkada’s network.

Technology firms which are confirmed to have been affected by the security camera breach include Tesla, Cloudflare, identity and access management company Okta, and – of course – Verkada itself.

As Reuters reports, Tesla confirmed that one of its suppliers’ production sites in China had been caught up in the attack, but that neither its factory in Shanghai nor showrooms were affected.

The electric vehicle company says that cameras at the supplier’s company are either no longer operational, or have been disconnected from the internet.

In an update posted on its website, Verkada said that it had identified the attack vector used by the hackers and had secured it by “approximately noon PST on March 9, 2021”.

The high-profile security breach is clearly embarrassing for Verkada, which brags on its website about how its cameras “prioritise people’s privacy.”

According to the firm, customers do not need to take any further action to secure themselves.

Of course, some affected customers may wish to reconsider whether the benefits of using cloud-based security cameras from Verkada are worth the risk.

Certainly I would be wondering why it’s possible for Verkada employees to access customers’ video feeds without the explicit approval of the customers themselves. If that wasn’t possible then surely the hackers wouldn’t have been able to view the feeds either?

Readers may recall that Verkada made the headlines in October last year after it was found that some of the firm’s staff had used the company’s cameras and facial recognition technology to take and share images of female co-workers.
