The Business Times

Verkada surveillance cameras at Tesla, hundreds more businesses breached

Hackers seeking to draw attention to pervasive monitoring of people after having found login information for camera maker's administrative tools publicly online this week

Published Thu, Mar 11, 2021 · 05:50 AM

San Mateo, California

A SMALL group of hackers viewed live and archived surveillance footage from hundreds of businesses including Tesla Inc by gaining administrative access to camera maker Verkada over the past two days, one of the people involved in the breach told Reuters.

Swiss software developer Tillie Kottmann, who has gained attention for finding security flaws in mobile apps and other systems, shared with Reuters recordings from inside a Tesla factory in China and showroom in California.

Additional footage came from an Alabama jail, hospital rooms, a police interview area and a community gym.

Ms Kottmann declined to identify other members of the group.

The hackers sought to draw attention to the pervasive monitoring of people after having found login information for Verkada's administrative tools publicly online this week, Ms Kottmann said.

GET BT IN YOUR INBOX DAILY

Start and end each day with the latest news stories and analyses delivered straight to your inbox.

VIEW ALL

Verkada acknowledged an intrusion, saying it had disabled all internal administrator accounts to prevent unauthorised access.

"Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement" and customers, the company said.

Ms Kottmann said Verkada cut off the hackers' access hours before Bloomberg first reported the breach on Tuesday.

The hacking group, if it had chosen, could have used its control of the camera gear to access other parts of company networks at Tesla and software makers Cloudflare Inc and Okta Inc, according to Ms Kottmann.

Cloudflare said its security measures are designed to block a small leak from becoming a wider intrusion, and that no customer data were affected. Okta said it was continuing to investigate but that its service was not affected. Tesla did not respond to a request for comment.

A list of Verkada user accounts provided by the hacking group and seen by Reuters includes thousands of organisations, including gym chain Bay Club and transportation technology startup Virgin Hyperloop.

Reuters could not independently verify the authenticity of the list or screenshots distributed by Ms Kottmann, but they included detailed data and matched other materials from Verkada.

Madison County Jail in Alabama, Bay Club and Virgin Hyperloop did not respond to requests for comment.

Verkada says on its website it has over 5,200 customers, including cities, colleges and hotels. Its cameras have proved popular because they pair with software to search for specific people or items. Users can access feeds remotely through the cloud.

In a 2018 interview with Reuters, chief executive Filip Kaliszan said Verkada had deliberately made it easy for many users at an organisation to watch live video feeds and securely share them, such as with emergency responders.

Verkada has raised US$139 million in venture capital, with the latest financing announced a year ago valuing the Silicon Valley startup at US$1.6 billion.

Verkada drew scrutiny last year after Vice reported that some employees had used company cameras and its facial recognition technology to take and share photos of female colleagues. Mr Kaliszan later described the behaviour as "egregious" and said three people had been fired over the incident. REUTERS

KEYWORDS IN THIS ARTICLE

BT is now on Telegram!

For daily updates on weekdays and specially selected content for the weekend. Subscribe to  t.me/BizTimes

Technology

SUPPORT SOUTH-EAST ASIA'S LEADING FINANCIAL DAILY

Get the latest coverage and full access to all BT premium content.

SUBSCRIBE NOW

Browse corporate subscription here