Hacked security firm Verkada allows employees to see customers’ cameras

Monitoring startup Verkada allegedly enabled dozens of employees to peek at their customers – just as hackers attacked the company.

More than 100 Verkada employees had access to internal “Super Admin” privileges, which hackers used to receive feeds of more than 150,000 million on Monday, According to Bloomberg News.

That means a wide range of workers could see the internal functioning of Verkada’s customers, including major companies such as prisons, hospitals, schools and Tesla, the outlet cited three former employees on Wednesday.

“We had 20-year-old interns who had access to over 100,000 cameras and could see all their feeds globally,” Bloomberg was quoted as saying by a source.

Tikki Kottmann is one of the activists responsible for the Werkada Breach Monitoring research firm IPVM He posed as an employee with “super admin” privileges to break into the company’s system.

According to Bloomberg, Super Admin accounts are supposed to allow Verkada workers to fix products and help customers with problems. But the company’s loose security measures allegedly made it easier to misuse the system.

Bloomberg reported that employees had to present a reason for accessing the customer’s camera, but documentation was rarely examined, meaning a worker could enter a location to access the feed.

Super admin users can also disable the “privacy mode” that allowed Verkada customers to hide cameras from the company’s view, according to the outlet. It is clearly unclear how many customers knew that Verkada employees could use their cameras.

“Customers did not know and were not known to tell customers in the company,” a source with direct knowledge of the matter told IPVM. “None of the customers asked directly that no sensible person would be expected to be able to do this between a team to a vendor.”

Verkada told Bloomberg that it has clear policies for how employees should use the Super Admin feature, which was only available to employees who needed to address “customer questions and technical issues”.

Super admin users can also disable
Super admin users can also disable the “privacy mode” that allowed Verkada customers to hide cameras from the company’s point of view.
Ted S. Warren / AP

A spokesman for the company quoted Bloomberg as saying, “Both Verkada’s training programs and policies are clear to employees that it is necessary to support staff members and seek the customer’s explicit permission before accessing the customer’s video feed.”

Be the first to comment

Leave a Reply

Your email address will not be published.


*