'Curious' Hackers Access 150,000 Security Cameras To Watch Tesla, Cloudflare, Hospitals And Prisons
Tesla says breach limited to supplier's factory in Henan, China
KEY POINTS
- Hackers breached 150,000 cameras from a Silicon Valley security firm
- The hacking went as far as confidential high-definition video archives
- The intrusion let hackers gain root access to cameras
Hackers breached 150,000 Verkada security cameras and gained access to live and archived footage from Tesla, Cloudflare and other companies as well as hospitals, jails and even houses.
Swiss software developer Tillie Kottmann claimed that his team broke into Silicon Valley startup Verkada, Bloomberg reported Tuesday. Kottmann shared with media outlets footage from a Tesla showroom in California and a factory in China.
The U.S. electric car maker told Reuters Wednesday that the breach was restricted to a Chinese supplier’s production site in the Henan province and its Shanghai car factory and showrooms were not affected.
One of the videos provided by Kottman showed eight hospital staffers were pinning a man down to bed, apparently in Florida's Halifax Health. Another video showed police officers questioning a man in handcuffs in a police station in Stoughton, Massachusetts. The locations could not be independently verified.
Verkada, which has over 5,200 customers, including cities, colleges and hotels, confirmed the breach and said it prevented further unauthorized access. “Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement,” a company representative said.
The breach went as far as high-definition confidential archived videos. The videos included audio of interviews between authorities and criminal suspects, Business Insider reported.
Kottmann claimed that his team was able to gain root access to get the cameras execute their own code. He added that it was a built-in feature of the cameras and did not require any additional hacking.
The hacker who refused to name other members of his group said they managed to access the security firm through a Super Admin account. Kottmann said his team found Verkada admin logins publicly exposed on the internet a few days ago.
The hackers said Verkada cut off their access hours before their interview with Bloomberg.
When asked about the reason for hacking, Kottmann said, “lots of curiosity, fighting for the freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism and it’s also just too much fun not to do it,” ARS Technica reported.
Cloudflare assured the public that no customer data was affected.
© Copyright IBTimes 2024. All rights reserved.