The companies exposed by the camera data include car manufacturer Tesla and software provider Cloudflare Inc. In addition, hackers were able to obtain camera information from women’s health clinics, psychiatric hospitals, and Verkada offices. Certain cameras (including those in hospitals) use facial recognition technology to identify and classify the identity of the person seen on the lens. Hackers say they can also access the complete video archives of all Verkada customers.
Bloomberg pointed out that in an exposed video, a Verkada camera in Halifax Health, Florida, showed that eight hospital staff appeared to tie a man and fix it on Bed.
Another surveillance video in the Tesla warehouse in Shanghai shows the workflow of workers on the assembly line. The hackers stated that they could access 222 cameras in Tesla’s factories and warehouses.
The same hacker group previously invaded chip maker Intel Corporation and car maker Nissan Motor Company.
A Verkada representative said in a statement: “We have disabled all internal administrator accounts to prevent any unauthorized access.” “Our internal security team and external security companies are investigating the scale and scale of this potential issue. range.”
People familiar with the matter said that Verkada’s chief information security officer, internal teams and external security companies are investigating the incident. The person asked to discuss the ongoing investigation anonymously. The company said that it is currently working to notify customers and establish a support hotline to resolve the issue.
Representatives of Tesla and other affected companies did not immediately respond to requests for comment. Representatives of prisons, hospitals and schools where the video was leaked declined to comment or did not immediately respond to requests for comment.
A leaked video seen by Bloomberg showed a police officer at a police station in Stoughton, Massachusetts asking a man in handcuffs. The hackers also released a security camera video of Sandy Hook Elementary School in Newtown, Connecticut, where a gunman killed more than 20 people in 2012.
Hackers can also use 330 security cameras located in the Madison County Prison in Huntsville, Alabama. The Verkada blog post stated that Verkada provides a feature called “personal analysis” that allows customers to “search and filter based on many different attributes, including gender characteristics, clothing colors, and even Are the facial features of a person”.
Some images show that cameras in certain US prisons (some of which are hidden in vents, thermostats, and defibrillators) use facial recognition technology to track prisoners and correctional personnel’s cameras. The hackers said they were able to access real-time scenes and archived videos of conversations between police and suspects, including audio in some cases, all of which were presented in 4K HD.
Kotman said that their team was able to gain “administrator root” access on the camera, which means they can use the camera to execute their own code. In some cases, this access may enable them to transfer and gain access to the wider company network of Verkada customers, or to hijack the camera and use it as a platform for future hacking attacks. Kotman said that obtaining this degree of camera access does not require any additional hacking, as it is a built-in feature.
The hacker’s method is not complicated: they accessed Verkada through a “super administrator” account, allowing them to spy on all their customers’ cameras. Kotman said they found the username and password of an administrator account that was publicly displayed on the Internet.