Tillie Kottmann, one of the hackers, told Bloomberg that they found the username and password of a Verkada “Super Admin” account lying exposed on the Internet. Using that account, they were able to view the camera feeds of all of the company’s customers.
In the camera footage provided by Kottmann, Bloomberg said it saw the inside of a Tesla warehouse in Shanghai, a hospital in Florida, and a police station in Massachusetts. Since learning of the intrusion, Verkada has disabled all internal administrator accounts.
Kottmann told Bloomberg that the hack “exposes just how broadly we’re being surveilled, and how little care is put into at least securing the platforms used to do so, pursuing nothing but profit.”
Funnily enough, easy access to video feeds may have been the point.
Reuters noted that Verkada CEO Filip Kaliszan once said the company intentionally made it easy for many organisational users to view live video and share it when necessary – for example, with emergency responders.
As always, this seems to be a case of technological utility butting heads against security and privacy. What’s the right balance? We doubt there are easy answers.