Massive video surveillance hack exposes Tesla, US hospital/jail security feeds
There have been a number of hacks in recent times, but the latest security breach, involving Silicon Valley start-up Verkada Inc., strangely doesn't seem to be the malicious kind. A group of hackers exposed the intrusive video surveillance data collected by the company, which provides video surveillance and facial recognition solutions to technology firms such as Tesla and Cloudflare, as well as prominent hospitals and even prisons.
Sophisticated surveillance system categorizes individuals using facial data, visual attributes
Verkada's surveillance system provides the likes of Tesla with facial recognition capability sophisticated enough to process video feeds and categorize individuals based on various attributes, including gender, clothing color, and facial features. By gaining root access to Verkada's network, the hackers demonstrated that the company has access to all surveillance footage and metadata, which should ideally be restricted to its clients.
A wake-up call for parties using Verkada's surveillance system
The hack, which serves as a wake-up call to the high-profile parties involved, was achieved through rather unsophisticated means, apparently owing to the laxity of Verkada: the password for the administrator account was publicly exposed on the internet. This is all but confirmed by the fact that the hackers lost access the moment Bloomberg, which broke the story, contacted Verkada for comment.
Verkada admins had complete access to clients' surveillance feeds
The Electronic Frontier Foundation emphasized how Verkada's system, which is used in sensitive locations such as prisons and hospitals, has its own administrators watching over live feeds that should ideally be restricted to the clients alone. The foundation also questioned the legality of facial recognition systems used by Verkada's clients, since such implementations require informed consent from the employees being surveilled.
Some of the leaked footage reveals potential instances of misconduct
Notably, the footage released by the hackers reveals shocking instances ranging from a hospital worker pinning down patients to correctional facilities with strangely named video feeds that hint at misconduct, with examples such as "ROUNDHOUSE KICK OOPSIE" and "SELLERS SNIFFING/KISSING WILLARD???". The breach is even more concerning because the hackers claim to have found the password for the critical root access shared publicly on the internet.