High protection and security guaranteed. This is how the American company Verkada advertises itself. The software company developed a sophisticated system for surveillance cameras. Prisons, hospitals, schools, and even Tesla: customers around the world trusted the startup and were bitterly disappointed.
Last week, the system was hacked by the Swiss hacker collective “Advanced Persistent Threat 69420”. They gained access to the system and thereby to more than 150,000 cameras around the world. The head of the collective is Till and Tillie Kottmann (21) from Lucerne. He is no stranger. The 21-year-old speaks repeatedly in the media about security issues, and last year he ran as a Socialist Youth candidate for the Lucerne city hall. Now an American security company has proven.
But it didn’t take a super hacker to pull off the camera hack, explains Cyrill Brunschwiler of Compass Security in Jona SG. He is a professional hacker. His company probes corporate IT security in search of weak spots. The hacker collective did nothing different. “In this case, the weak point was discovered and they wanted to kill the company instead of seeking dialogue. We call this hacktivism.”
The hacker was probably surprised himself
And apparently in this case it was not particularly difficult to find the vulnerability. “The group claims it got access through a Verkada internal development system. Critical access data was stored there,” the IT security analyst tells BLICK. The problem: the development system was visible to everyone on the Internet. So was the sensitive access data. This made it possible to log into the system as an administrator and thus gain access to the cameras. Only around 100 Verkada employees have this authorization.
Such a glaring security hole shouldn’t really exist. “Especially if it is a company in the security sector. Imagine a bank that develops a new system and the account data of the productive system would be accessible.”
It would take some computer skills to find this scandalous weak point. Brunschwiler to BLICK: “It’s doable for a computer scientist.” He believes that Kottmann himself might have been surprised when he discovered the login details and realized what was possible with them.
“That master password shouldn’t even exist”
This vulnerability is also a scandal for the Swiss Chaos Computer Club (CCC). It is outrageous that there is even a login to access all the cameras. “Such a master password shouldn’t even exist,” CCC spokesman Volker Birk tells BLICK. If a CCC member had noticed this, it would have been made public as well. “It would be irresponsible not to do that.”
It is only a matter of time before such hacks occur. “We have had cases of this type in the past and we will see more cases of this type in the future. Anyone who installs a camera that transmits their data ‘to the cloud’ and is accessible from the Internet is potentially susceptible to this.”
The FBI is investigating Kottmann
The Verkada hack is unlikely to remain without consequences for the Swiss hacker. The FBI has since become involved. The Lucerne canton police searched the computer scientist’s apartment on Friday and seized several electronic devices. When asked, the cantonal police immediately referred to the Federal Office of Justice (FOJ). When asked, FOJ spokesman Raphael Frei confirmed “that Switzerland has received a request for legal assistance from the United States in this matter.”
Kottmann is accused of fraud and unauthorized access to protected computers, among other things. When asked by BLICK, the 21-year-old has so far declined to comment on the camera hack.
Published: 03/15/2021, 17:51