Hacking Collective Accesses Live and Archived Feeds from 150,000 Verkada Security Cameras

Verkada, a California-based provider of enterprise video security cameras is investigating a hacking incident which saw hackers gain access to the video footage of its customers’ facilities across around 150,000 security cameras. Customers include Tesla and Cloudflare, penitentiaries, hospitals, gymnasiums, schools, factories, and police stations.

Bloomberg reports it received footage obtained by the hackers and verified its authenticity. The hack was not conducted for malicious purposes. The international hacking collective conducted the attack to demonstrate how easy it is for modern surveillance camera systems to be breached. The hackers claim not only to have accessed the live feeds from surveillance cameras from all Verkada customers but were also able to access archive footage.

Gaining access to the entire network of security cameras was actually simple. A username and password for an internal administrator account was found publicly exposed on the Internet. Using the credentials the researchers were able to gain root access to the cameras and, in some cases, even access to the networks of customers. The individuals behind the hack said they had ‘Super Admin’ level access to Verkada’s systems.

Verkada provides hybrid cloud security cameras and software that allows customers to access security camera footage from all locations using a web-based interface. The breach will be a major embarrassment for a firm that claims it “brings video security to the modern era.”

“We have disabled all internal administrator accounts to prevent any unauthorized access,” said Verkada in a statement provided to Bloomberg. Verkada’s internal security team and external security experts are currently investigating the scale and scope of the breach. The hacking group no longer has access now that the accounts have been disabled.

A member of the hacking group confirmed video footage obtained includes a Tesla plant in Shanghai, Sandy Hook Elementary School in Newtown, CT, Madison County Jail in Huntsville, AL, Halifax Health Medical Center in Florida, and a Massachusetts police station.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news