Verkada breach videos

3/25/2023

As per GlobalData’s ‘Emerging Technology Trends Survey’ of more than 1,700 senior executives worldwide, 59% of respondents are already investing in IoT, and 40% are expected to accelerate their IoT investment over the next 12 months. Privacy and data-leak issues related to IoT devices and implementations are expected to rise as IoT adoption increases further in the coming years. Unstructured and fragmented security measures are a critical concern that impacts IoT’s reliability as an ecosystem.

Incidents like this reveal the lack of robust IoT security practices.

IoT is going to be pervasive, so are the associated security concerns

The hackers obtained “root” access on the cameras, which enabled them to pivot and access the broader corporate network of Verkada’s customers or hijack the cameras and use them as a platform to launch future hacks. Hackers gained access to Verkada through a “Super Admin” account, details of which were publicly exposed on the internet, allowing them to access all of its customers’ cameras. The hackers obtained access to 222 cameras in Tesla’s factories and warehouses. In addition, hackers got access to Verkada’s entire video archive of all of its customers. In this event, a group of hackers claimed to have gained access to the live footage of 150,000 surveillance cameras from various locations, including jails, hospitals, gyms, companies, and schools.

Companies whose feeds were exposed include the electric car maker Tesla and cloud security provider Cloudflare. Recently, the Sequoia-backed start-up Verkada suffered a major cyber-attack.

"APT-69420 is not backed by any nations or corporations, backed by nothing but being gay, fun and anarchy," she said.
Kottmann said her group of hackers is not motivated by money or sponsored by any country or organization. We simply logged into their web UI with a highly privileged user," Kottmann said. We simply used their web app the way any user would, except we had the ability to switch to any user account we desired. "We do scans for very broad vectors looking for vulnerabilities.

The company, she said, exposed an internal development system to the internet, which contained hard-coded credentials for a system account which she said gave them full control over their system with "super admin" rights. Kottmann said that her group discovered a Verkada administrator username and password stored on an unencrypted subdomain.

Screenshot of a prison facility from security footage provided by APT-69420.

Kottmann provided CBS News with a 5 gigabyte archive containing video and images from the hack, and described the attack as "non-technical" and not difficult to pull off. Some of the material is highly personal, including video of patients in hospital intensive care units and prisoners inside the Madison County Jail in Huntsville, Alabama. The video and images purport to capture a range of activities that might be sensitive, like security video from the Tesla car manufacturing line and a screenshot from inside the security firm Cloudflare. The leaked footage appears to include major companies and institutions, but not private homes.

She described Verkada, a Silicon Valley-based startup, as a "fully-centralized platform" which made it easy for her team to access and download footage from thousands of security cameras. According to the group's representative Till Kottmann, they accessed Verkada's systems on March 8 and the hack lasted for 36 hours. The hack was conducted by a loose-knit anti-corporate hacktivist group called APT-69420, based in Switzerland.
Video and AI security company Verkada was breached, giving hackers access to over 150,000 internet-connected security cameras that were being used inside schools, jail cells, hospital ICUs, and major companies like Tesla, Nissan, Equinox, Cloudflare and others.