Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals (bloomberg.com) 53
New submitter ekeko writes: A group of hackers say they breached a massive trove of security-camera data collected by Silicon Valley startup Verkada, gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools. Companies whose footage was exposed include carmaker Tesla and software provider Cloudflare. In addition, hackers were able to view video from inside women's health clinics, psychiatric hospitals and the offices of Verkada itself. Some of the cameras, including in hospitals, use facial-recognition technology to identify and categorize people captured on the footage. The hackers say they also have access to the full video archive of all Verkada customers. In a video seen by Bloomberg, a Verkada camera inside Florida hospital Halifax Health showed what appeared to be eight hospital staffers tackling a man and pinning him to a bed. Halifax Health is featured on Verkada's public-facing website in a case study entitled: "How a Florida Healthcare Provider Easily Updated and Deployed a Scalable HIPAA Compliant Security System." A spokesman for Halifax confirmed Wednesday that it uses Verkada cameras but added that "we believe the scope of the situation is limited."
and why save that video to a 3rd party host? also (Score:2)
And why save that video to a 3rd party host? Also, if there is a network issue to that 3rd party, is there no way for local staff to view live? Or even view the past X days?
Re: (Score:2)
but your own s3 bucket is way better than a share (Score:2)
But your own S3 bucket is way better than a shared DVR system.
Re:and why save that video to a 3rd party host? a (Score:5, Informative)
Unless you own a rack in a data colocation facility or have multiple campuses and can afford to host your own, any off-site storage is a "3rd party host". Which makes selecting a 3rd party that has solid security practices very important. Too bad it's also pretty close to impossible.
Re: (Score:2)
Re: (Score:3)
This! Encrypt the data in-house, THEN send it to off-site storage. That way if the 3rd party proves to be less than secure at least the data is still encrypted. Further, rotate the encryption keys so in the unlikely event that one key is cracked the disclosure is limited.
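The approach this comment describes (encrypt on-site, upload only ciphertext, rotate keys), as an added example that is not part of the original thread. AES-256-GCM, the blob layout, the `Keyring` type and the segment names are assumptions chosen for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Keyring maps a rotation period's key ID to an AES-256-GCM instance; it stays on-site.
type Keyring map[uint32]cipher.AEAD
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy source: refuse to continue
	}
	return b
}

// Rotate installs a fresh key for a new period; older entries stay only to read old footage.
func (k Keyring) Rotate(id uint32) {
	block, _ := aes.NewCipher(randBytes(32)) // cannot fail: the key is always 32 bytes
	k[id], _ = cipher.NewGCM(block)          // cannot fail for an AES block cipher
}

// Seal returns keyID(4) || nonce(12) || ciphertext+tag, authenticated with the segment name.
func (k Keyring) Seal(id uint32, name string, segment []byte) ([]byte, error) {
	g := k[id]
	if g == nil {
		return nil, fmt.Errorf("key %d is not in the keyring", id)
	}
	blob := append(binary.BigEndian.AppendUint32(nil, id), randBytes(g.NonceSize())...)
	return g.Seal(blob, blob[4:], segment, []byte(name)), nil
}

// Open selects the key named in the blob header, then verifies the tag and the name.
func (k Keyring) Open(name string, blob []byte) ([]byte, error) {
	if len(blob) < 16 || k[binary.BigEndian.Uint32(blob)] == nil {
		return nil, fmt.Errorf("short blob, or its key is not in the keyring")
	}
	return k[binary.BigEndian.Uint32(blob)].Open(nil, blob[4:16], blob[16:], []byte(name))
}
func main() {
	kr := Keyring{}
	kr.Rotate(1)
	blob, err := kr.Seal(1, "cam7/seg-0001", []byte("constructed sample frame"))
	fmt.Printf("%d-byte blob to upload, err=%v\n", len(blob), err)
}
```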
ZoneMinder can do a lot and it's OSS (Score:4, Insightful)
ZoneMinder can do a lot and it's OSS
zoneminder defaults to not secure (Score:1)
I looked at https://zoneminder.readthedocs... [readthedocs.io] and it seems the default is not to have security enabled.
Re: (Score:1)
Yes, setting up security requires you to turn it on.
This is not a limitation of ZoneMinder.
Re: (Score:1)
I want to play too!
Bill Gates is putting nano-chips in the 5G signals. AVOID.
Push back against doctors' questionnaires (Score:2)
Don't be afraid of the dirty looks — just say no...
Re: (Score:1)
Re: (Score:2)
Not to mention to allow the doctor to confer with other colleagues with an issue.
In short you are just making everyone's lives difficult, if they don't bill your insurance, they are going to bill you (often at 2-3x the price). If they find that you are hard to work with, they will probably not give you a normal self-pay discount. If you don't pay your bill then they send creditors after you, which could hit your credit score.
Please feel free to read the documents clearly to know what will and will not happ
drive-by doctoring is more like USA system sucks! (Score:2)
drive-by doctoring is more like USA system sucks!
Re: (Score:2)
Every time I have my physical the nurse runs through some drug and alcohol abuse questionnaire which goes directly into some kind of database.
And every time I ask her who in their right mind would answer yes and let it get entered into a computer system.
Re: Push back against doctors' questionnaires (Score:1)
Hm well.. by definition who in their right mind abuses drugs and alcohol?
For the OCD crowd please note I said abuse not use.
Re: (Score:2)
I mean the questions don't even start out with "are you a raging coke and pills fanatic?"
It's like "Have you used cocaine in the last 3 months?"
Lather, rinse, repeat, for heroin, opioid pills, prescription opioids, methamphetamine, and marijuana. I'm assuming the duplication among opioid varieties is to catch people using/abusing pills who wouldn't answer affirmatively for heroin or who might be getting opioids from a different doctor (though that is tracked at the state level here).
I *mostly* think in rel
Re: (Score:2)
Like if I break my arm and I said I smoked marijuana occasionally, are they going to treat me like a drug abuser and not provide pain management.
Yes, there is that possibility. They don't want you to get addicted which can cause other issues. In fact, doctors are now required to document every type of pain medication they prescribe to patients so that patient can't go to another doctor and get more. This is to prevent addiction from happening.
Oddly they don't ask about tranquilizers like Xanax, and I guess
Re: (Score:2)
This is during my annual physical, it's not a specific visit for treatment of a specific condition. I don't have any conditions for which I get any treatments. Plus, I've definitely had experiences in the past where I've been prescribed medication and didn't even find out until the pharmacist gave me the medication that there were significant contraindications and risks (which if you get prescriptions filled in the US, you know how unlikely it is that you have any kind of formal consultation with a pharma
Re: (Score:2)
Hm well.. by definition who in their right mind abuses drugs and alcohol?
Mostly everyone. That's a coping mechanism, and I presume you will soon be coping with the realization of your utter idiocy.
Re: (Score:2)
Ron Swanson, is that you?
Re: (Score:2)
Don't be afraid of the dirty looks — just say no...
The universal law of forms. They exist to be filled. It doesn't matter what they are filled with.
data is saved on the local camera + cloud?? (Score:2)
data is saved on the local camera + cloud??
Is there a way to have a local server? How much info can someone get by just stealing one camera? How much data can be lost by destroying the camera?
Say they break in and destroy the camera: they may lose the high-res pics needed to ID someone and just have a small 20kb stream up to the event.
Abuse of authority... (Score:3)
Re: (Score:2)
Also, isn't it a bit odd to hope for the imprisonment of some people while bemoaning the incarceration system in the next breath? It's about as absurd as people who are pro-life believing a doctor who performs an abortion should receive the death penalty.
Re: (Score:2)
Re: (Score:2)
Re: Abuse of authority... (Score:2)
Re: (Score:2)
You can believe there are too many people in prison and also believe that *some* people ought to be in prison; even that some people ought to be in prison who aren't.
Everybody knows someone who uses marijuana; and yet there are 40,000 people serving prison sentences for possessing small amounts of the stuff. You can reasonably think that those people should not be in prison but none of the HSBC bankers who laundered money for drug cartels and terrorists got any prison.
The fact that poor people who have a f
Re: (Score:2)
I had to look up that 40,000 figure you cited, and I do see the article(s) that reference that value. However they also use the terminology of 'marijuana offenses' and not the 'possessing small amounts of the stuff'.
For the amount of research I'm willing to do, there are other reports showing that people going to prison for just possession is much, much smaller than certain politicians might have us believe.
-A survey by the Bureau of Justice Statistics showed that 0.7% of all state inmates were behind bars
Re: (Score:2)
Hello alvinrod, let me introduce a concept called "nuance".
I'm not just trying to be snarky, but why has nuance become so lost on people today when I see conversations and statements like yours?
Have you actually taken the time to ride that line of reasoning to its inevitable ruin and absurdity?
Case in point, I would think most pro-lifers are about saving the unborn because they haven't done anything wrong in their eyes yet to deserve to be incarcerated, let alone receive "the death penalty"...the dr, in the
Re: (Score:2)
It's a disgrace that we treat them poorly instead of rehabilitating and returning them to society as quickly as possible.
Re: (Score:2)
Re: (Score:2)
I didn't say we should release them unrehabilitated. That's what we do today, and it takes away a powerful incentive for people to make the effort to reform themselves.
Why Single out Tesla? (Score:2)
This wasn't getting data from the cars' cameras but from their buildings' security cameras. But I would think you want to single out the jails, hospitals and other medical facilities that they got onto. Because that would be a real privacy concern to you, so you know not to go there vs. watching some guys fix/build a car.
Now even for a company like Tesla, which is very vertically integrated, I doubt they will put their R&D behind their factories' security cameras but just buy it from a company. Shoul
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
development system has fixed password same as prod (Score:2)
development system has fixed password same as prod and not only that but has control over the full multi tenants?
Some cloud systems do have multi tenants where they get their more or less own VMs. And others are like you get your own DB but not local root / SA to it and it is being shared with others on the same system. So you need to do way less than a Meltdown / Spectre hack to get to other tenants
cloud security (Score:2)
No amount of convenience is worth the risk of putting your security system in the cloud. Users got what they asked for here, ease of use and nothing else.
Just too funny HIPAA compliant (Score:2)
Re: (Score:2)
Well except outsource to us so we can provide the cert. saying you're OK.
Who is on the hook for HIPAA violation? (Score:1)
In this case, who is on the hook for HIPAA violation? The hospital or the third party that safekeeps the HIPAA patient's data?
Re: (Score:2)
The hospital is on the hook for HIPAA. The third party is on the hook to the hospital.
Hackers illegally access cloud service (Score:1)