More Than 150,000 Cameras Hacked in Verkada Breach

hacker CAmera

If you’ve ever had the strange sense that someone was watching you, you might’ve been right, especially if you work at Tesla, Cloudflare, Equinox, or a number of other institutions.

That’s because Verkada, a security company, was recently hacked--along with their 150,000+ cameras.

Hackers Breach Verkada

This is just the latest in a run of high-level hacks this month. According to Vice News, more than 24,000 organizations may have been breached in this attack.

Verkada’s list of potential victims is staggering. It includes pubs & breweries, K-12 schools, condominiums (which may be private residences), universities, shopping malls, credit unions, churches, museums, newspaper offices, a Salvation Army center, pharmaceutical companies, the Professional Golfer’s Association, airports, and more.

Verkada
Bloomberg was the first publication to break this story. | Source: Twitter

The hackers, which go by the name of APT-69420 Arson Cats, claim to have accessed live video feed from companies like Tesla and Cloudflare, as well as jails and hospitals.

While the attack itself is unsettling, what they revealed in their breach was equally troubling.

The Recoginition Technology in Cameras Is Powerful

Tillie Kottman, one of the alleged hackers, told Vice’s Motherboard, “it’s so abysmal.” They (their chosen pronoun) were referring to the ease with which the hackers were able to access Verkada’s cameras. And by gaining access to the cameras, they gained access to more than just footage.

“All” of the company’s cameras come equipped with “Smart Edge-Based Analytics.” This includes facial recognition technology, person identification, and vehicle analysis. The cameras are also fixed with AI that can detect “meaningful events,” which includes “unusual motion.”

Check out this video on Verkada:

About Verkada - 3 Min Demo

With this technology, Verdaka can identify people across time and space by detecting their faces. They’re also capable of filtering people by gender, clothes color, and various other attributes. And the hackers had access to all of this.

In fact, they released a video of hospital staffers in Florida tackling a man, then pinning him to a bed. They also showed another video of officers questioning a handcuffed man in a police station in Massachusetts.

It’s not clear if the hackers will try to use this footage as a ransom, but it’s certainly possible if they find anything incriminating.

How Did the Hackers Do It?

According to Ars Technica, Verdaka exposed an unprotected internal development tool to the entire internet, and the hackers pounced. Login credentials for super admin rights to the Verdaka network were contained within the tool.

Kottman
Kottman accessed Verkada’s system with relative ease. | Source: Twitter

Kottman claims the hackers stole about 5GB of data but could’ve gotten much more.

Kottman is a software engineer based out of Switzerland. They’ve previously breached companies such as Microsoft, Intel, Lenovo, Qualcomm, and Motorola.

If you feel like you’ve been, please reach out to us immediately.

Featured image by Kanowa from Shutterstock.

Tags:
Aaron Weaver
Aaron Weaver is the Head of Content for Hacked.com. He has over 15 years of journalism experience. As a tech-savvy editor and researcher, he prides himself on journalistic integrity by providing cutting edge data backed by the latest science.

[email protected]

Phone support: +1 334 625 9990
7AM-7PM CDT weekday, 8AM-3PM CDT Saturday
We are not able to answer all calls.
For a guaranteed response, please use email or schedule a call with us here.




We have been recommended to clients by employees at FBI and local law enforcement in the United States. For references, please send us an email.






         



Read all of our reviews here.