According to sources, security cameras accessed by hackers belong to prisons, hospitals, warehouses, and offices of top firms like Tesla and Cloudflare – More than 100 Verkada Inc. employees also had access to thousands of cameras.
The vulnerable state of IoT devices (Internet of Things) is nothing surprising. From security cameras to smart TVs everything is on the verge of being hacked. That is exactly what happened to Silicon Valley security startup Verkada.
Silicon Valley Security Startup Suffers Security Breach
Verkada is a Silicon Valley security startup that offers cloud-based security camera services. According to Bloomberg, a group of hackers breached Verkada Inc.’s security and gained access to live feeds of around 150,000 surveillance cameras.
The cameras were installed inside hospitals, police departments, companies, schools, and prisons. The hackers, reportedly, collected a massive trove of data from security cameras from the company.
Verkada acknowledged the breach and stated that they had disabled all internal admin accounts to prevent unauthorized access.
“Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement,” Verkada’s spokesperson stated.
Affected Companies include Verkada, Tesla, and Cloudflare
Bloomberg reports that renowned automaker Tesla Inc. and software maker Cloudflare Inc. and Equinox are the major firms affected by the Verkada security breach. The hackers accessed Tesla’s factories and warehouses, Equinox gym, and Cloudflare office footages.
Additionally, hackers viewed inside footage of women’s health clinics, psychiatric hospitals, and Verkada offices. Some cameras, especially those installed in hospitals, were using facial recognition technology so it may be possible to identify and categorize people in the footage. Hackers claim that they also have accessed the entire video archive of Verkada customers.
Video Shows Inside Footage of Hospital and Warehouse
Bloomberg reported about a video that shows a Verkada camera footage from inside the Florida hospital Halifax Health. In the video, around eight-hospital staffers are shown pinning a man to a bed. In another video, Tesla’s Shanghai warehouse workers are seen working on an assembly line. Hackers claim that they accessed 222 cameras in Tesla factories and warehouses.
Breach Conducted to Highlight Security Loopholes
The international hacker collective has taken responsibility for breaching the security of the San Mateo, California-based Verkada. One of the group’s members Tillie Kottmann said that the hack was meant to highlight how commonly Verkada’s security cameras are used and how easy it is to hack them.
Kottmann claims that they hacked Verkada because of “lots of curiosity, fighting for the freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism — and it’s also just too much fun not to do it.”
Statements from Affected Companies
Verkada stated that it is notifying customers and will set up a support line to answer their queries. Since the news of the security breach came out, affected companies have released official statements. Cloudflare claims that the cameras were already disconnected from their office networks.
The company released a statement that read:
“This afternoon we were alerted that the Verkada security camera system that monitors main entry points and main thoroughfares in a handful of Cloudflare offices may have been compromised. The cameras were located in a handful of offices that have been officially closed for several months.”
On the other hand, Tesla claims that the attack was limited to a supplier’s production site in China’s Henan province while its Shanghai car showrooms and factory weren’t affected. The supplier’s factory data was locally stored and didn’t pose any security risk. However, they have disconnected the camera to prevent any misuse.
Verkada employees had “extensive access” to private customer cameras
According to an updated Bloomberg story published at 12:59 AM Thursday, March 11, 2021, (GMT), it has been revealed that Verkada employees had “extensive access” to private customer cameras.
It is being reported that more than 100 Verkada Inc. employees had access to thousands of cameras used by its customers whilst they were unaware that the company could peer through their cameras.
This list of these customers/clients includes police departments, schools, top firms, and hospitals, etc.
“We literally had 20-year-old interns that had access to over 100,000 cameras and could view all of their feeds globally,” a former senior-level employee told Bloomberg.