Skip to main content

Tesla factories’ security cameras caught up in wider hack

A Silicon Valley startup offering cloud-based security camera services has had its systems breached in an attack that gave hackers access to numerous live feeds, some of them coming from Tesla factories.

Verkada, which launched in 2016, had around 150,000 of its cameras hacked, with many of the devices installed in hospitals, schools, police departments, prisons, and companies that besides Tesla also included software provider Cloudflare, according to a Bloomberg report on Tuesday, March 9.

Related Videos

Cameras inside Verkada’s own offices were also accessed.

Those responsible for the hack shared some of the captured footage with the news outlet. It included a video from inside a Florida hospital that appeared to show eight hospital workers wrestling a man before pinning him to a bed.

Some of the content also appears to show workers on an assembly line inside Tesla’s factory in Shanghai, China. The hackers claim to have gained access to as many as 222 cameras in multiple factories and warehouses owned by Tesla, Bloomberg reported.

More than 300 security cameras inside the Madison County Jail in Huntsville, Alabama, were also targeted in the hack. Some of the devices are concealed inside vents, thermostats, and defibrillators, according to the news outlet, and include Verkada technology capable of tracking inmates and staff using facial-recognition software.

Those behind the breach even claim it was even possible to listen in on interviews between police officers and suspects, along with high-definition footage of the interrogations.

The breach was reportedly carried out by a hacker, or group of hackers, going by the name “Tillie Kottmann,” and began on the morning of March 8.

Kottmann told Bloomberg that the breach “exposes just how broadly we’re being surveilled, and how little care is put into at least securing the platforms used to do so, pursuing nothing but profit,” adding, “It’s just wild how I can just see the things we always knew are happening, but we never got to see.”

In an emailed statement, Verkada told Digital Trends: “We have disabled all internal administrator accounts to prevent any unauthorized access. Our internal security team and external security firm are investigating the scale and scope of this issue, and we have notified law enforcement.”

The company added that it has notified affected customers about the breach and set up a dedicated support line to address their questions and issues.

Editors' Recommendations

Homeland Security bug bounty reveals huge number of flaws
A large monitor displaying a security hacking breach warning.

The outcome of a bug bounty program for the Department of Homeland Security (DHS) has been revealed, and it’s not particularly encouraging news for a government agency synonymous with cyber security.

Participants of DHS’ first-ever bug bounty program, named "Hack DHS," confirmed that they found a worrying number of security bugs.

Read more
Destructive hacking group REvil could be back from the dead
Person typing on a computer keyboard.

There was a period in 2021 when the computing world was gripped by fear of a dizzyingly effective hacking group fittingly named REvil -- until its website was seized by the FBI and its members arrested by Russia’s security services, that is. Yet like a malevolent curse that just can’t be dispelled, it now seems the group’s websites are back online. Has the group returned to spread discord and wreak havoc once again?

In case you missed them the first time around, REvil came to global attention by hacking into various high-profile targets, pilfering secret documents, then threatening their release unless a ransom was paid. In a notable case, the group stole and published files from Apple supplier Quanta Computer, including some that spilled the beans on unreleased product designs.

Read more
Experts found a record number of zero-day hacks in 2021
A digital depiction of a laptop being hacked by a hacker.

Google has published the 2021 review of Project Zero, revealing a record amount of zero-days exploits (labeled as “one of the most advanced attack methods”) exhibited by some of the world’s largest technology companies.

Project Zero is an initiative started by Google in 2014 aimed at detailing security defects known as zero-day exploits. These vulnerabilities are dangerous as they essentially remain undetected unless a mitigation system has been implemented, thus leaving systems, databases, and the like completely exposed to hackers.

Read more