A group of hackers say they breached a massive trove of security-camera data collected by Silicon Valley startup Verkada Inc., gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools.
The breakthrough shows the astonishing reach of cameras that support facial recognition technology in ordinary workplaces, bars, parking lots, schools, stores and more.
One person involved in the hack told Reuters that a small group of hackers had seen live and archived surveillance footage from hundreds of companies, including Tesla, by accessing the system administrator’s accounts at the camera maker Verkada .
Swiss software developer Telly Cottman – who gained her fame from her efforts to find security flaws in mobile apps and other systems – shared screenshots on Twitter that she says are from Tesla’s California warehouse and Alabama prison.
Cotman said that the hackers, by publishing this information, sought to draw attention to the surveillance policy that is widespread these days, after they gained access to Verkada tools via the Internet this week.
In turn, the company “Verkada” acknowledged the intrusion, and indicated that it has disabled all accounts of the entry supervisor who has the power to prevent unauthorized access, and said that “Our internal security team and the external security company are investigating the size and scope of this problem, and we have informed law enforcement agencies and clients.” .
Cotman said that Verkada cut off pirates’ access to cameras hours before Bloomberg announced the hack on Tuesday.
Added that the hacking group could have used their control over the camera equipment to gain access to other parts of the company’s networks at Tesla and software makers, Cloudflare and Okta.
Claude Flare said its security measures are designed to prevent a small leak from becoming a wider intrusion, stressing that customer data has not been affected.
The Verkada user account list – provided by the hacking group and seen by Reuters – includes thousands of organizations, including the gym chain Bay Club and the start-up transportation technology company Virgin Hyperloop.
Verkada says on its website that it has more than 5,200 clients, including cities, colleges and hotels. This spread of its cameras is due to its association with a program to search for specific people or items, and users can access the feeds of these cameras remotely via cloud technologies.
Verkada came under scrutiny last year after Vice reported that some employees had used the company’s cameras and facial recognition technology to capture and share photos of the female colleagues.
Sources:
- Reuters
- https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams
- https://www.vice.com/en/article/pkdyqm/surveillance-startup-used-own-cameras-to-harass-coworkers