A report of Bloomberg say hackers have breached the security of Verkada, a video surveillance business, gaining access to live feeds from more than 150,000 cameras. The reporter was in contact with the hackers who said they had access to hundreds of cameras in Tesla facilities, as well as other companies such as Cloudflare.
In a statement, a Verkada spokesman said: “We have disabled all internal administrator accounts to prevent unauthorized access. Our internal security team and external security firm are investigating the extent and extent of this issue, and we have notified law enforcement.”
The hackers said they subsequently lost access Bloomberg contacted the company, but that they initially entered via a ‘Super Admin’ login that was exposed on the internet. Then they use built-in camera features to gain root access and remote control. Motherboard previously reported on Verkada employees who used surveillance cameras in their own office to harass others and take pictures of women they worked with, and now got a spreadsheet from the hackers identifying 24,000 organizations that may be the cameras use.
Verkada
On its website, Verkada demonstrates its ability to provide secure remote access to camera feeds, providing real-time visibility of events in different areas. It also advertises ‘video analytics’ which can rely on face recognition, identification and vehicle tracking using technology built directly into the cameras. One of the people in the group behind the offense told Bloomberg that this incident “exposes how broadly we are being investigated and how little care is being taken to at least secure the platforms used to do so and pursue nothing but profit.”