While security hacks are always disconcerting, the recent Verkada security firm camera hack did have a benefit – at least for one of the hackers. He revealed the reason the cameras were hacked was it was “too much fun not to do it.” Tesla was among the firm’s customers that were exposed, along with governmental locations, such as a prison and a hospital.
Security Cameras Hacked
The hackers claimed they were able to access the live security camera feeds of the Verkada security firm. The company’s customers can view the 150,000 camera feeds remotely and use facial recognition to access the feeds.
A username and password for an administrative account were found on a publicly-available webpage. This provided the hackers access to the internal networks of some of the firm’s customers. Tesla and an Alabama jail were two of the customer feeds that were accessed.
Swiss software developer Tillie Kottmann is known for exposing security flaws. He said the intention behind the Verkada security firm hack was to show how easy the cameras could be accessed and how ubiquitous they had become as well.
Tesla and Others’ Feeds Exposed
The hackers released screenshots of their bounty to the news media and social media. Kottmann gave screenshots of an Alabama jail to Reuters and also posted some to Twitter. Among the other images were a warehouse that he said belonged to Tesla.
There were also images from the Equinox gym and even from inside the home of a Verkada employee. This had been archived footage of the employee as “he completes an atlas puzzle with his kids.”
An Arizona prison kept archived footage as well. It had titles such as “Roundhouse Kick Oopsie” and “Autumn Bumps His Own Head.” There was also a feed from a Massachusetts prison that showed police officers interrogating a handcuffed man. A hospital feed depicted what appeared to be staff tackling a man on a bed.
Bloomberg had been first to report the hack. After it did so, the hackers lost access to the feed.
“Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement,” reported the Verkada security firm.
Kottmann’s need to get attention provided insight into the hackers’ motives. They were led to carry out this attack by “lots of curiosity, fighting for freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism – and it’s also just too much fun not to do it.”
And remember: this was all because login details were left out in the open, for the taking, on a webpage. Most interestingly, this happened to a security company.