If you’ve ever had the strange sense that someone was watching you, you might’ve been right, especially if you work at Tesla, Cloudflare, Equinox, or a number of other institutions.
That’s because Verkada, a security company, was recently hacked–along with their 150,000+ cameras.
Hackers Breach Verkada
This is just the latest in a run of high-level hacks this month. According to Vice News, more than 24,000 organizations may have been breached in this attack.
Verkada’s list of potential victims is staggering. It includes pubs & breweries, K-12 schools, condominiums (which may be private residences), universities, shopping malls, credit unions, churches, museums, newspaper offices, a Salvation Army center, pharmaceutical companies, the Professional Golfer’s Association, airports, and more.
The hackers, which go by the name of APT-69420 Arson Cats, claim to have accessed live video feed from companies like Tesla and Cloudflare, as well as jails and hospitals.
While the attack itself is unsettling, what they revealed in their breach was equally troubling.
The Recoginition Technology in Cameras Is Powerful
Tillie Kottman, one of the alleged hackers, told Vice’s Motherboard, “it’s so abysmal.” They (their chosen pronoun) were referring to the ease with which the hackers were able to access Verkada’s cameras. And by gaining access to the cameras, they gained access to more than just footage.
“All” of the company’s cameras come equipped with “Smart Edge-Based Analytics.” This includes facial recognition technology, person identification, and vehicle analysis. The cameras are also fixed with AI that can detect “meaningful events,” which includes “unusual motion.”
Check out this video on Verkada:
With this technology, Verdaka can identify people across time and space by detecting their faces. They’re also capable of filtering people by gender, clothes color, and various other attributes. And the hackers had access to all of this.
In fact, they released a video of hospital staffers in Florida tackling a man, then pinning him to a bed. They also showed another video of officers questioning a handcuffed man in a police station in Massachusetts.
It’s not clear if the hackers will try to use this footage as a ransom, but it’s certainly possible if they find anything incriminating.
How Did the Hackers Do It?
According to Ars Technica, Verdaka exposed an unprotected internal development tool to the entire internet, and the hackers pounced. Login credentials for super admin rights to the Verdaka network were contained within the tool.
Kottman claims the hackers stole about 5GB of data but could’ve gotten much more.
Kottman is a software engineer based out of Switzerland. They’ve previously breached companies such as Microsoft, Intel, Lenovo, Qualcomm, and Motorola.
If you feel like you’ve been, please reach out to us immediately.
Featured image by Kanowa from Shutterstock.