Hackers have gained access to 150,000 security cameras from the American start-up Verkada. They could watch live in Tesla factories, prisons and the security company itself. They also got access to video archives.
The hack was carried out by a group of security experts who want to demonstrate the lack of security, Bloomberg writes. Developer Tillie Kottmann, among others, is involved in that group that calls itself Advanced Persistent Threat 69420. According to Kottmann, the group gained root access to the cameras through a “Super Admin” account whose credentials were found online.
Verkada’s security cameras are installed in hospitals, companies, prisons and factories. The hackers were able to view 330 cameras at an Alabama prison, which also uses facial recognition to track the inmates.
The hackers were also able to view 222 cameras in Tesla factories and warehouses. They also saw images of Cloudflare offices, police stations, prisons, schools and hospitals. The hackers also had access to archives, sometimes with accompanying audio. This allowed them to watch police interrogations with suspects. Bloomberg has seen various images and says it is 4k material.
After Bloomberg contacted Verkada, the company preemptively disabled all admin accounts and the group of hackers no longer had access. The company says it hired another company to investigate the incident and has called the police.
Verkada was founded in 2016 and sells security cameras and associated cloud services to companies. The start-up received $80 million in venture capital in January last year and would be valued at $1.6 billion.
Cameras from Verkada