By compromising the infrastructure of Verkada, a manufacturer of smart surveillance cameras with face recognition support, attackers gained full access to more than 150 thousand cameras used by companies such as Cloudflare, Tesla, Okta and Equinox, as well as by many banks, prisons, schools, police stations and hospitals.
Members of the APT 69420 Arson Cats hacker group said that they had root access on devices in the internal networks of Cloudflare, Tesla and Okta, citing as evidence video recordings from the cameras and screenshots showing the output of typical shell commands run with root privileges. The attackers said that, had they wanted to, they could have gained control of half of the Internet within a week.
Verkada was compromised through an unprotected system belonging to one of its developers that was directly exposed to the Internet. On this computer the attackers found the credentials of an administrator account that had access to all elements of the network infrastructure. The rights obtained were sufficient to connect to customers' cameras.
Representatives of Cloudflare, one of the largest content delivery networks, confirmed that the attackers were able to gain access to Verkada surveillance cameras used to monitor corridors and entrance doors in some offices that have been closed for about a year. Immediately after identifying the incident, Cloudflare disconnected all affected cameras from its office networks and conducted an audit, which showed that the attack did not affect customer data or processes. Cloudflare uses a Zero Trust security model, which isolates network segments and ensures that the compromise of a single system or vendor does not compromise the entire company.