Hackers have attacked Verkada video surveillance cameras, gaining access to 150,000 of the IoT (Internet of things) devices and customers' associated video archives. Attack victims include such Verkada customers as a Tesla supplier, Cloudflare, Equinox, various hospital networks, police departments, correctional facilities and schools.
Verkada develops cloud-cloud-based enterprise video security solutions for building security and other use cases. The startup raised $80 million in Series C funding at a $1.6 billion valuation back in January 2020. Series C Verkada investors include Next47, Sequoia Capital, Meritech Capital and Felicis Ventures.
In response to the cyberattck, Verkada has disabled all internal administrator accounts to prevent any unauthorized access. Moreover, Verkada's internal security team and an external security firm are investigating the scale and scope of this potential issue, The Los Angeles Times reports.
After Bloomberg contacted Verkada, the hackers lost access to the video feeds and archives, The Los Angeles Times reports.
Video Surveillance Cyberattack: Hackers Fighting for Privacy?
For MSPs, MSSPs (managed security services providers) and IT consulting firms that specialize in access control and video surveillance, the attack raises fresh questions that extend beyond proper security.
Although the Verkada hack appears to be a crime, the breach has triggered conversation about how video surveillance cameras, facial recognition and AI (artificial intelligence) technologies are deployed and used.
In this case, the hackers allegedly gained access to multiple videos that may raise questions about how businesses, health care and public safety workers monitor and treat people, as well as how they gather, store and use data.
Long before the attack, organizations and governments worldwide have been debating the use of AI-related facial recognization technologies.
Verkada Internet Camera Cyberattack: Key Developments
The Verkada video security camera hack involves the following details, according to the Los Angeles Times:
- Tillie Kottmann, one of the hackers who claimed credit for breaching Verkada, previously claimed credit for hacking Intel and Nissan Motor.
- The Verkada data breach was carried out by an international hacker collective and intended to show the pervasiveness of video surveillance and the ease with which systems could be breached.
- Hackers obtained root access to the cameras, meaning they could use the cameras to execute their own code.
- The hackers gained access to Verkada through a “Super Admin” account, enabling them to peer into the cameras of all of its customers. Kottmann says they found a user name and password for an administrator account publicly exposed on the Internet.
- Hackers said they obtained access to 222 cameras in Tesla factories and warehouses.
- Kottmann said they were able to download the entire list of thousands of Verkada customers, as well as the company’s balance sheet, which lists assets and liabilities.
Verkada Cloud-based Cameras: More Cyberattack Details
More third-party reports include...
Tesla said the hack was restricted to a supplier’s production site in Henan province, China, and its Shanghai car factory and showrooms were not affected. Source: Reuters, March 9, 2021.
Stay tuned for more updates.