According to a media report, unauthorized persons tapped 150,000 surveillance cameras from a US company in hospitals, prisons, schools and police stations, among other places: The perpetrators want to have found the password of a super administrator access on the Internet. The operator of the cameras specifically advertises security features and face recognition. Companies such as the electric car manufacturer Tesla and the IT security company Cloudflare are affected.
The hack was made public by Bloomberg. Accordingly, the “hackers” presented images from the Tesla site in Shanghai. The Californian start-up Verkada, from which the cameras come, told Bloomberg in an initial reaction that they were investigating “the extent of the potential problem”.
It does happen again and again that pictures of inexpensive security cameras for the household are tapped – especially if the users do not change the preset standard passwords of the devices. However, it shouldn’t happen that a company with large customers is so easily vulnerable.
Hundreds of cameras in the Tesla factory
The intruders showed Bloomberg footage of video surveillance from a Massachusetts police station, an Alabama prison and a Florida hospital. In the prison they managed to tap 330 cameras. At Tesla there were 222 cameras. They would also have gained access to the Verkada customers’ video archive.
According to their own statements, the “hackers” found access video surveillance data for an administrator account with extensive access, publicly available on the Internet. With this “super administrator” they were able to tap into many cameras. The hackers lost access after Bloomberg contacted Verkada.