Verkada CCTV Breach Exposes Hundreds Of Businesses

Hackers have compromised hundreds of businesses after gaining administrative access to CCTV cameras installed in thousands of businesses.

The compromise has reportedly been confirmed by California-based Verkada, which provides cloud-based security camera services to a range of businesses.

According to Bloomberg, Verkada has 150,000 CCTV cameras in Tesla factories and warehouses, Cloudflare offices, Equinox gyms, hospitals, prisons, schools, police stations, and Verkada’s own offices.

Verkada compromise

An international hacker collective reportedly breached the security-camera data collected by Verkada in order to demonstrate how commonplace the company’s security cameras are, and how easily hackable they are.

Bloomberg said the hackers were able to view video from inside women’s health clinics, psychiatric hospitals and indeed the offices of Verkada itself.

Some of the cameras, including in hospitals, use facial-recognition technology to identify and categorise people captured on the footage.

The hackers reportedly said they also have access to the full video archive of all Verkada customers.

Bloomberg itself reported that it had viewed a video of a Verkada camera inside Florida hospital Halifax Health, which showed what appeared to be eight hospital staffers tackling a man and pinning him to a bed.

Another video, shot inside a Tesla warehouse in Shanghai, shows workers on an assembly line.

The hackers reportedly said they obtained access to 222 cameras in Tesla factories and warehouses.

Bloomberg cited one of the hackers as being Tillie Kottmann, who has previously claimed credit for hacking Intel and Nissan Motor Co.

Kottmann reportedly said the reasons for the hacking by the collective are “lots of curiosity, fighting for freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism — and it’s also just too much fun not to do it.”

Kottmann reportedly called the hacking collective “Advanced Persistent Threat 69420,” a reference to the designations cybersecurity firms give to state-sponsored hacking groups and cybercriminals.

Kottmann said they were able to download the entire list of thousands of Verkada customers, as well as the company’s balance sheet. Kottmann said hackers watched through the camera of a Verkada employee who had set one of the cameras up inside his home.

Verkada response

Verkada responded and said that it has notified law enforcement of the breach.

“We have disabled all internal administrator accounts to prevent any unauthorised access,” a Verkada spokesperson said in a statement quoted by Bloomberg. “Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement.”

A person with knowledge of the matter said Verkada’s chief information security officer, an internal team and an external security firm are reportedly investigating the incident.

Verkada is also reportedly working to notify customers and set up a support line to address questions.

“This afternoon we were alerted that the Verkada security camera system that monitors main entry points and main thoroughfares in a handful of Cloudflare offices may have been compromised,” San Francisco-based Cloudflare reportedly said in a statement. “The cameras were located in a handful of offices that have been officially closed for several months.”

The company said it disabled the cameras and disconnected them from office networks.

Prison hacked

The hackers were also able to gain access to 330 security cameras inside the Madison County Jail in Huntsville, Alabama.

Bloomberg said it had seen images showing that the cameras inside the jail, some of which are hidden inside vents, thermostats and defibrillators, can track inmates and correctional staff using the facial-recognition technology.

The hackers reportedly said they were able to access live feeds and archived video, in some cases including audio, of interviews between police officers and criminal suspects, all in high-definition resolution (4K).

It is also reported that in October 2020 Verkada fired three employees, after reports surfaced that workers had used its cameras to take pictures of female colleagues inside the Verkada office and make sexually explicit jokes about them.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
