Hackers breach security cameras at Tesla and hundreds of companies

10 Mar 2021

Image: Verkada

The attackers said they gained access to the systems of connected camera company Verkada and viewed live and archived surveillance footage.

Hackers have claimed that they gained access to security footage at hundreds of companies, including Tesla, after breaching the systems of enterprise security camera start-up Verkada.

According to Bloomberg, the group of hackers were able to access live camera footage and stored footage held by companies that were using Verkada’s internet-connected cameras.

The group claimed to have accessed 222 cameras at Tesla factories and warehouses. Cloudflare and Verkada’s own offices were among those impacted, the group claimed, as well as a number of schools, hospitals and gyms.

Bloomberg said it was shown videos from inside a hospital and a police station.

The hackers said they were able to gain administrative access to Verkada’s systems using credentials found online and eventually secured root access to the cameras of its customers.

“We have disabled all internal administrator accounts to prevent any unauthorised access,” Verkada said in a statement. “Our internal security team and external security firm are investigating the scale and scope of this potential issue.”

The company said it has notified law enforcement about the breach and is alerting customers to provide them with support.

A software developer named Tillie Kottmann has claimed responsibility, as part of a collective, for the attack. Kottmann told Bloomberg that the hack was driven by a desire to highlight security vulnerabilities in pervasive surveillance camera networks.

The collective’s access to the camera footage was cut off by Verkada, Kottmann said, just before Bloomberg’s report was published on Tuesday (9 March).

San Mateo-based Verkada says on its website that more than 5,000 enterprise organisations use its cloud-managed building security. It has raised $139m from investors including Sequoia Capital.

The company has faced allegations in the past over how well it secures its systems. Vice reported last October that some staff had used the company’s tech and facial recognition features to harass female workers. Those employees were fired after the report.

Jonathan Keane is a freelance business and technology journalist based in Dublin

editorial@siliconrepublic.com