Verkada CCTV Breach Exposes Hundreds Of Businesses

Hackers have compromised hundreds of businesses after gaining administration access to CCTV cameras installed in thousands of businesses.

The compromise has reportedly been confirmed by California-based Verkada, which provides cloud-based security camera services to a range of businesses.

According to Bloomberg, Verkada has 150,000 CCTV cameras in Tesla factories and warehouses, Cloudflare offices, Equinox gyms, hospitals, prison, schools, police stations, and Verkada’s own offices.

Verkada compromise

An international hacker collective reportedly breached the security-camera data collected by Verkada in order to demonstrate how commonplace the company’s security cameras are, and how easily hackable they are.

Bloomberg said the hackers able to view video from inside women’s health clinics, psychiatric hospitals and indeed the offices of Verkada itself.

Some of the cameras, including in hospitals, use facial-recognition technology to identify and categorise people captured on the footage.

The hackers reportedly said they also have access to the full video archive of all Verkada customers.

Bloomberg itself reported that it had viewed a video of a Verkada camera inside Florida hospital Halifax Health, which showed what appeared to be eight hospital staffers tackling a man and pinning him to a bed.

Another video, shot inside a Tesla warehouse in Shanghai, shows workers on an assembly line.

The hackers reportedly said they obtained access to 222 cameras in Tesla factories and warehouses.

Bloomberg cited one of the hackers as being Tillie Kottmann, who has previously claimed credit for hacking Intel and Nissan Motor Co.

Kottmann reportedly the reasons for the hacking by the collective are “lots of curiosity, fighting for freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism — and it’s also just too much fun not to do it.”

Kottmann reportedly called the hacking collective “Advanced Persistent Threat 69420,” a reference to the designations cybersecurity firms give to state sponsored hacking groups and cybercriminals.

Kottmann said they were able to download the entire list of thousands of Verkada customers, as well as the company’s balance sheet. Kottman said hackers watched through the camera of a Verkada employee who had set one of the cameras up inside his home.

Verkada response

Verkada responded and said that it has notified law enforcement of the breach.

“We have disabled all internal administrator accounts to prevent any unauthorised access,” a Verkada spokesperson was quoted by Bloomberg in a statement. “Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement.”

A person with knowledge of the matter said Verkada’s chief information security officer, an internal team and an external security firm are reportedly investigating the incident.

Verkada is also reportedly working to notify customers and set up a support line to address questions.

“This afternoon we were alerted that the Verkada security camera system that monitors main entry points and main thoroughfares in a handful of Cloudflare offices may have been compromised,” San Francisco-based Cloudflare reportedly said in a statement. “The cameras were located in a handful of offices that have been officially closed for several months.”

The company said it disabled the cameras and disconnected them from office networks.

Prison hacked

The hackers were also able to gain access to 330 security cameras inside the Madison County Jail in Huntsville, Alabama.

Bloomberg said it had seen images that show that the cameras inside the jail, some of which are hidden inside vents, thermostats and defibrillators, and which can track inmates and correctional staff using the facial-recognition technology.

The hackers reportedly said they were able to access live feeds and archived video, in some cases including audio, of interviews between police officers and criminal suspects, all in the high-definition resolution (4K).

It is also reported that Verkada in October 2020 fired three employees, after reports surfaced that workers had used its cameras to take pictures of female colleagues inside the Verkada office and make sexually explicit jokes about them.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Signal Shows Data Collection Adverts Facebook Rejected

Signal has had user-targetted adverts on Instagram blocked, as messaging service attempts to highlight Facebook…

6 hours ago

Oversight Board Upholds Trump’s Facebook Suspension

Bad news for Donald. Facebook's 'Supreme Court' upholds suspension of Donald Trump account, but asks…

7 hours ago

US Presses TSMC For More Chips For Car Makers

Global silicon shortage continues, as US Commerce Department presses Taiwanese chipmakers to ease the supply…

8 hours ago

Starlink Signs Up 500,000 Pre-Orders For Satellite Internet

Elon Musk space venture SpaceX has already signed 500,000 customers on pre-order for its Starlink…

10 hours ago

Apple Vs Epic Games Court Battle Continues

Second day of courtroom showdown in the US reveals Epic Games management would have accepted…

12 hours ago

Trump Launches ‘Communications’ Website

Banned from social media for instigating US Capitol riot, Trump launches 'straight from the desk'…

14 hours ago