Police Bodycams Can Be Hacked To Doctor Footage, Install Malware (boingboing.net)

← Back to Stories (view on slashdot.org)

Police Bodycams Can Be Hacked To Doctor Footage, Install Malware (boingboing.net)

Posted by BeauHD on Wednesday August 15, 2018 @12:03PM from the eminently-hackable dept.

AmiMoJo shares a report from Boing Boing: Josh Mitchell's Defcon presentation analyzes the security of five popular brands of police bodycams (Vievu, Patrol Eyes, Fire Cam, Digital Ally, and CeeSc) and reveals that they are universally terrible. All the devices use predictable network addresses that can be used to remotely sense and identify the cameras when they switch on. None of the devices use code-signing. Some of the devices can form ad-hoc Wi-Fi networks to bridge in other devices, but they don't authenticate these sign-ons, so you can just connect with a laptop and start raiding the network for accessible filesystems and gank or alter videos, or just drop malware on them.

104 comments

Min score:

Reason:

Sort:

Just create a law prohibiting hacking the devices! by Anonymous Coward · 2018-08-15 12:12 · Score: 1

Just create a law that prohibits anyone from hacking these cameras -- problem solved! // sarcasm.
Hack the Police, ch-ch-ch-ch--ch! by Anonymous Coward · 2018-08-15 12:17 · Score: 3, Funny

I hacked the sheriff, but I did not wipe his bodycam... ooo oooo
Early Warning System by _Sharp'r_ · 2018-08-15 12:18 · Score: 3, Funny

Need to know if there are any cops around for your illegal business? Don't worry, you can just setup a wifi scanner on your phone to alert you when a cop's camera comes within range! Effective at least a couple hundred meters and probably up to a km!
Government purchase contracts and decision-making has a poor reputation for a reason. This is just yet another example in a very long list.

--
The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
1. Re:Early Warning System by HornWumpus · 2018-08-15 12:45 · Score: 3, Insightful
  
  The police lawyers will now make all the video inadmissible, as they could have been altered.
  Bet there was no contract provision for not idiotically easy to own. It sounds like they just lifted the video code from a _cheap_ drone.
  
  --
  John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
2. Re:Early Warning System by Anonymous Coward · 2018-08-15 14:04 · Score: 0
  
  The problem with the police videos is in a significant majority of cases they are found to support police actions. Attorneys for plaintiffs suing the police will be the ones to seek to make the videos inadmissible. Defense Attorneys seeking to prevent their clients conviction will also try to prevent the admission of police videos that incriminate the same clients. But in almost all cases the videos will be admitted absent some proof of tampering. Both side will fight about it in court and the judge will rule and decide.
3. Re:Early Warning System by Anonymous Coward · 2018-08-15 15:36 · Score: 0
  
  Sounds like the cameras are working as intended, then.
  That is to say, police behave better when the cameras are on, which is why the significant majority of cases are found to support police actions.
4. Re:Early Warning System by Ungrounded+Lightning · 2018-08-15 19:48 · Score: 1
  
  Need to know if there are any cops around for your illegal business? Don't worry, you can just setup a wifi scanner on your phone to alert you when a cop's camera comes within range!
  That also works with some of those "smart gun" systems the gun controllers try to foist on the public, to "keep the gun from being used by anyone but the owner".
  Of course what's more fun (for the crookies) is to jam / DoS them, so the guns don't work for the cops, either. (Just like they fail when the batteries run down and the like.)
  Hint: There's already enough that can go wrong with a gun and keep it from working, without adding more failure modes. When your life depends on it and you pull that trigger, it's supposed to go "bang".
  
  --
  Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
5. Re: Early Warning System by c6gunner · 2018-08-15 21:31 · Score: 2
  
  Sounds like the cameras are working as intended, then.
  That is to say, police behave better when the cameras are on, which is why the significant majority of cases are found to support police actions.
  Homer: Not a bear in sight. The Bear Patrol must be working like a charm.
  Lisa: Thatâ(TM)s specious reasoning, Dad.
  Homer: Thank you, dear.
  Lisa: By your logic I could claim that this rock keeps tigers away.
  Homer: Oh, how does it work?
  Lisa: It doesnâ(TM)t work.
  Homer: Uh-huh.
  Lisa: Itâ(TM)s just a stupid rock.
  Homer: Uh-huh.
  Lisa: But I donâ(TM)t see any tigers around, do you?
  [Homer thinks of this, then pulls out some money]
  Homer: Lisa, I want to buy your rock.
6. Re:Early Warning System by Anonymous Coward · 2018-08-15 21:37 · Score: 0
  
  Don't worry, you can just setup a wifi scanner on your phone
  Great idea for an app. Anyone want to betatest CopRadar(TM) ?
7. Re:Early Warning System by volodymyrbiryuk · 2018-08-15 21:50 · Score: 1
  
  police behave better when the cameras are on
  Exactly, when they are on and not turned off moments before they shoot the unarmed suspect in the back.
  
  --
  sudo rm -r -f --no-preserve-root /
8. Re:Early Warning System by Cederic · 2018-08-15 22:48 · Score: 2
  
  Haven't studies shown that the people with whom the police are engaging also behave better when the cameras are on?
9. Re:Early Warning System by kelemvor4 · 2018-08-16 00:35 · Score: 1
  
  Need to know if there are any cops around for your illegal business? Don't worry, you can just setup a wifi scanner on your phone to alert you when a cop's camera comes within range! Effective at least a couple hundred meters and probably up to a km!
  Government purchase contracts and decision-making has a poor reputation for a reason. This is just yet another example in a very long list.
  What kind of wifi hardware are you using? I want some! Around here at least, you'd be lucky to get 50 meters of detectable signal. Realistically usable speeds at closer to 25.
  
  I would bet that the radios in these bodycams are decidedly low power devices, and that means low range.
10. Re:Early Warning System by Anonymous Coward · 2018-08-16 02:11 · Score: 1
  
  I believe this is correct. Everyone behaves just a tad bit more when they know they are being filmed. This is why I support having EVERY cop wearing one.
  Less confrontation all around, makes everyone's life easier.
11. Re:Early Warning System by Anonymous Coward · 2018-08-16 02:13 · Score: 0
  
  Wifi is ubiquitous, you can already scan for a police radio repeater and have greater range with fewer false positives
12. Re:Early Warning System by Anonymous Coward · 2018-08-16 03:16 · Score: 0
  
  > Effective at least a couple hundred meters and probably up to a km!
  Where the *fuck* can I get a wifi device that's useful "a couple of hundred meters" away? Whether I bring a laptop, a tablet or a phone outside (I have many of each), none can maintain a reliable wifi connection to my router when I'm in the backyard--a mere 30 feet away if I was to trace a straight diagonal line.
  I've also owned many different routers. The range on my 802.11ac is hardly any better than my old 802.11g.
13. Re:Early Warning System by Anonymous Coward · 2018-08-16 03:53 · Score: 0
  
  Government purchase contracts and decision-making has a poor reputation for a reason.
  Mainly related to people who want government employees to be experts in every subject, but want to push their pay even further below the private sector. Interestingly, those zealots are usually the ones who scream loudest about the free market, but then ignore how markets work when it comes to the market for labor in the public sector. "How can it be that if we pay less than the private sector and have greater expectations of performance that we get worse employees?!?!?! I'm so confused."
14. Re:Early Warning System by pnutjam · 2018-08-16 10:17 · Score: 1
  
  My kingdom for an modpoint, offtopic bullshit.
  
  --
  Cheap storage VM.
15. Re:Early Warning System by _Sharp'r_ · 2018-08-16 14:55 · Score: 1
  
  You're not trying to create a useful wifi connection to use their device as an access point, all you're trying to do is detect any of the frames they're routinely transmitting and check the MAC address against a list of who the manufacturer is.
  You aren't having a conversation and you don't need to transmit to detect, so you can just boost what you're receiving enough to get about a 5x increase for detection-only range (depending on other interference on the same channel). If you want to go to something on your roof with multiple higher gain antennaes, you're more likely to get too many false positives because of normal traffic and proximity of cops based on the range than to need to worry your physical range is too short.
  
  --
  The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
cameras can be hacked by minstrelmike · 2018-08-15 12:20 · Score: 1

Well who woulda thunk cameras could be hacked? Certainly not the people who know their voting machines could NEVER be hacked and if they were, then it was illegal and shouldn't have happened, so there.

Hacking the camera itself is only one flaw
Any video that has been used in a court case must be preserved until all possible appeals have been exhausted. I'll bet it'd be a lot easier to doctor the photos after they've been viewed and claim the whole case is flawed.
As a precaution all police departments by rsilvergun · 2018-08-15 12:35 · Score: 1

deactivate their cameras after drawing their firearms.

--
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
If it's running code, it's vulnerable: film at 11 by sandbagger · 2018-08-15 12:50 · Score: 1

However, generally the police have proven largely indifferent to technology so there are not that many coders among them apparently, and experts in video time sync and editing usually requires an apprenticeship and access to expensive software that a cop on the beat is unlikely to conjure up.

--
---- The above post was generated by the Turing Institute. Maybe.
So bad it looks intentional by kaptink · 2018-08-15 12:52 · Score: 4, Insightful

I find it interesting that important, critical even, systems such as police bodycams and election voting machines in this age appear to have almost an intentional absence of any sort of integrity mechanisms. And can quite literally be manipulated in minutes with next to no effort. These flaws are not complex. They are things that should be picked up by even the technically absent as just looking at the system overviews - no encryption, no signing, ineffective and easily bypassible authentication (if any) as obvious caveats to a resilient system. I just don't buy this as simple and frighting negligence. And where are the pen tests? I call shenanigans!

--
Those who can, do. Those who cannot, sue.
1. Re:So bad it looks intentional by Anonymous Coward · 2018-08-15 13:21 · Score: 4, Insightful
  
  Niche companies seeking high profit margins on lowball government contracts by skipping features that customer does not understand?
  I'm shocked!
2. Re:So bad it looks intentional by holophrastic · 2018-08-15 13:35 · Score: 1
  
  Your house is about as critical as it gets for your life. Most locks are defeatable with a plastic card. deadbolts are defeatable with lock picks.
  Neither batters because you have glass windows.
  Maybe you have ugly steel bars on your windows. You have none around your air conditioner. In fact, your air conditioner likely has shut-off switch right outside where anyone can simply turn it off with the flip of a switch.
  But a lack of air conditioning doesn't cause death in this country. So how about that conspicuously white vent sticking out of your house? You know, the one from your furnace? The one carrying toxic fumes? What stops any passer-by from shoving a sock in there, and just killing you in your sleep?
  How much do you trust your carbon monoxide detector?
  Oh yeah. I bought this handful of dandelion seeds. What stops me from tossing them onto your nice green lawn?
  Imagine what a few ball bearings tossed onto a highway would do.
3. Re:So bad it looks intentional by Anonymous Coward · 2018-08-15 13:43 · Score: 0
  
  Niche companies seeking high profit margins on lowball government contracts by skipping features that customer does not understand?
  I'm shocked!
  This is probably the answer. Fixing the problem is certainly doable, but it requires determining what security standards are required and then putting them in future requisitions. Personally I'd ask someone like Bruce Schneier to supervise the standards determination process.
  Its pretty typical for security to lag features. Typically security is added after an incident makes it obvious you should have had it all along, and then it stays at that level until the next incident. Being proactive would be nice to have, but I'm not seeing it.
4. Re:So bad it looks intentional by Solandri · 2018-08-15 13:48 · Score: 3, Insightful
  
  It's just the pick two rule. You can have these things made good, fast, or cheap - pick two.
  
  Invariably, the first adopters pick "fast" and "cheap". The incentive to pick "good" doesn't appear until after a few catastrophic failure cases result in large negative consequences (bad publicity, loss of your job, government regulation, jail time) for failing to pick "good".
5. Re: So bad it looks intentional by Anonymous Coward · 2018-08-15 14:03 · Score: 1
  
  uh, wtf are u on about
6. Re:So bad it looks intentional by Anonymous Coward · 2018-08-15 14:07 · Score: 0
  
  So you are saying these flaws are not present in non governmental systems?
  I think you like to lie to yourself. And your wife.
7. Re:So bad it looks intentional by Anonymous Coward · 2018-08-15 14:20 · Score: 0
  
  That's normal engineering, this is government monopoly based law enforcement, so it's NONE. It will be terrible, it will be slow to acquire/construct/deploy/fix, and it will be monumentally expensive. Of course the fact the cams can be 'doctored', we will either get modified cam footage where it favors the police to be admitted as the Gospel or unmodified cam footage showing LEO's bashing in the skull of some ten year old for the crime of existing and triggering the 'roid-doped costumed thugs into a rage and that will be deemed inadmissible because "it's gotta be doctored, Officer Gorilla McWheatbelly can't be that savage, it's a setup!"
8. Re: So bad it looks intentional by holophrastic · 2018-08-15 15:00 · Score: 1
  
  This is the only industry that thinks security should be everywhere. Absolutely no other consumer-based industry cares about security at all.
  Nothing stops my car from driving into another car on the highway. There is no security. We call it laws. We enforce laws.
  We don't stop anyone from hurting anyone else with a knife. Hell, you can walk down the street with a baseball bat over your shoulder, ready to swing. You can kill anyone with one swing to the head.
  We don't complain that baseball bats should come with anti-swing mechanisms that only get unlocked by baseballs and batting cages.
  Demanding security in bodycams is like demanding security in filing cabinets. It just ain't worth it. Instead, go ahead and demand laws that make it illegal to hack into police bodycams. Then enforce those laws and arrest those criminals.
  That's how we've solved murderous rampage killings, and high-noon gun-fights, and train robberies, and bank robberies, and basically everything else from the days of the wild wild west.
9. Re:So bad it looks intentional by Anonymous Coward · 2018-08-15 15:47 · Score: 0
  
  The market demands cheap software. If you are too proactive when it comes to quality (security included), you price yourself out of the market and your competition gets the contract.
  And they get that contract precisely because they don't spend on security, whereas you would have.
  The market gets what it is willing to pay for. I know some places do formal processes wherein they vet the technical maturity level of their vendors....I have been involved in some of those....generally speaking the participants consider it a bullshit formality that they just need to get through. They don't want solid answers from a thorough investigation, they just want simple and technically-true-but-misleading answers so they can sign off on the vendor and fly back home.
  It is frustrating.
10. Re: So bad it looks intentional by nasch · 2018-08-15 16:38 · Score: 2
  
  That works well unless it's fairly easy to tamper with the cameras without leaving a trail. I'm guessing it's easy. It's a lot harder to commit all those other crimes without leaving any evidence, and anyway there are security measures to prevent many of them besides. Laws and security are not mutually exclusive.
11. Re: So bad it looks intentional by Anonymous Coward · 2018-08-15 16:46 · Score: 0
  
  Thus is not another consumer grade product that only needs to keep people honest or provide peace of mind. These cameras collect police evidence. There are strict procedures required when collecting and handling evidence because people’s freedom and perhaps lives are at stake.
  Of course Libertarianism has an answer: if you are executed based on falsified evidence from a body cam, no problem, you can always sue!
12. Re: So bad it looks intentional by holophrastic · 2018-08-15 16:52 · Score: 1
  
  Me tossing dandelion seeds onto your lawn at midnight leaves a trail?
  Me, with a small pocket knife in a crowded sidewalk stabbing you and walking away with the crowd leaves a trail? I wear gloves for half the year around here.
  Dropping debris onto the highway leaves a trail?
  My unplugging your air conditioner? Or stuffing a banana into your tailpipe, or into your furnace exhaust?
  You either catch me doing it while I'm doing it, or I'm gone, never to be found. Same with wifi hacking -- presuming any degree of nearby.
  The costs to securing a bodycam is effectively astronomical. Either you're removing features of convenience -- which then costs personnel to support -- or you're updating and maintaining and patching that security as a matter of routine -- which also costs personnel to support. In either case, you then need an office or workbench for said personnel and devices, along with procedures and workflows and supervision.
  Without security, the body cam never needs to leave the uniform. Its content is accessed remotely, as needed, by the personnel who already need it. Done.
  It's just not worth securing most things. We're the only consumer industry that touts security as the answer to crime.
  Your grocery store doesn't have a cage stopping you from stealing fruit. They even put some of that fruit on a stand OUTSIDE the store, in the parking lot!
13. Re: So bad it looks intentional by Anonymous Coward · 2018-08-15 17:42 · Score: 0
  
  You are giving examples of crimes which would require an immense amount of resources to prevent. Securing bodycams has a very low resource requirement and a much higher upside than watching for dandelion vandalism.
14. Re:So bad it looks intentional by Anonymous Coward · 2018-08-15 21:05 · Score: 0
  
  Your house is about as critical as it gets for your life. Most locks are defeatable with a plastic card. deadbolts are defeatable with lock picks.
  Neither batters because you have glass windows.
  Maybe you have ugly steel bars on your windows. You have none around your air conditioner. In fact, your air conditioner likely has shut-off switch right outside where anyone can simply turn it off with the flip of a switch.
  But a lack of air conditioning doesn't cause death in this country. So how about that conspicuously white vent sticking out of your house? You know, the one from your furnace? The one carrying toxic fumes? What stops any passer-by from shoving a sock in there, and just killing you in your sleep?
  How much do you trust your carbon monoxide detector?
  Oh yeah. I bought this handful of dandelion seeds. What stops me from tossing them onto your nice green lawn?
  Imagine what a few ball bearings tossed onto a highway would do.
  He read the Anarchist's Cookbook when he was twelve, and now that he's a big grown-up thirteen year old he's going to tell us all about it.
15. Re: So bad it looks intentional by c6gunner · 2018-08-15 21:39 · Score: 1
  
  You can kill anyone with one swing to the head.
  You've obviously never met Pope Ratso.
16. Re:So bad it looks intentional by AmiMoJo · 2018-08-15 22:13 · Score: 1
  
  I'm a product engineer and I can tell you exactly how this happens without any deliberate malice. It's just pure incompetence.
  Company sees a new market opening up due to improvements in battery and camera technology. Asks engineering staff to develop a bodycam. Market dictates the prices. Sales people dictate the features, like ad-hoc wifi that "just works". Support people demand that it's easy to support, e.g. hard coded root password and one click firmware updates.
  Engineering department duly notes that this creates security issues. Bosses don't care, they write it off as paranoia about sophisticated attackers (they know most cops can barely operate a computer) and are more interested in getting to market early with something that they can sell.
  This will only get fixed when cases start to collapse because the bodycam evidence is questioned and the customers start demanding better products. Otherwise there is no business case for security.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
17. Re:So bad it looks intentional by jythie · 2018-08-15 22:32 · Score: 1
  
  *nod* and in law enforcement contracts, the biggest determining factor comes down to 'is the company run by an ex-cop?'.
18. Re:So bad it looks intentional by Cederic · 2018-08-15 22:59 · Score: 1
  
  Most locks are defeatable with a plastic card.
  Not the ones in my house. I'm sure a skilled lock picker could eventually open them, but it'd take them a while.
  
  Neither batters because you have glass windows.
  Nope.
  
  Maybe you have ugly steel bars on your windows
  Nope.
  
  You have none around your air conditioner. In fact, your air conditioner likely has shut-off switch right outside where anyone can simply turn it off with the flip of a switch.
  I don't have an air conditioner.
  
  So how about that conspicuously white vent sticking out of your house? You know, the one from your furnace? The one carrying toxic fumes? What stops any passer-by from shoving a sock in there
  The extremely long ladder they'd need to reach it.
  
  and just killing you in your sleep?
  My boiler malfunctioned and started putting out lethal doses of carbon monoxide. The levels that put people unconscious in seconds, kill them a minute later.
  I didn't notice. I installed it in a well ventilated space and the boiler engineer only noticed the emissions when he hooked up his test equipment.
  
  How much do you trust your carbon monoxide detector?
  I don't. I don't need to. I have it as an additional precaution.
  
  Oh yeah. I bought this handful of dandelion seeds. What stops me from tossing them onto your nice green lawn?
  My lack of a nice green lawn?
  
  Imagine what a few ball bearings tossed onto a highway would do.
  I imagine it would get you arrested for littering.
19. Re: So bad it looks intentional by Cederic · 2018-08-15 23:01 · Score: 1
  
  Demanding security in bodycams is like demanding security in filing cabinets.
  You mean the guarded locked filing cabinets used to hold evidence in criminal cases?
  Good call, that's a sound precedent.
  (Only sensible thing you've said all day but even idiots get lucky sometimes.)
20. Re:So bad it looks intentional by Voyager529 · 2018-08-16 00:44 · Score: 1
  
  I find it interesting that important, critical even, systems such as police bodycams and election voting machines in this age appear to have almost an intentional absence of any sort of integrity mechanisms.
  Even more infuriating to me is that these devices do not implement even basic security measures, but smartphones have gotten progressively more difficult to root - signed bootloaders and eFuses make it onto devices consumers pay for, but they're absent from devices explicitly intended to ensure security?
  These measures are even more present in digital slot machines, where firmware needs to be byte-for-byte what has been approved by regulators...meaning that gambling has greater protection than voting.
  The only thing more sad about the priorities illustrated here is the fact that I'm not actually surprised.
21. Re: So bad it looks intentional by holophrastic · 2018-08-16 01:17 · Score: 1
  
  I described the immense amount of resources to secure bodycams. Perhaps you didn't read them.
  They were:
  IT personnel
  IT workspace
  Device storage space
  IT procedures
  IT training
  IT supervision
  HR support of IT
  Tech support
  In most businesses today, I can't think of a department that costs more than the IT department.
22. Re:So bad it looks intentional by holophrastic · 2018-08-16 01:18 · Score: 1
  
  Sorry, I don't know what that is. I'm just a 40-year old, with a house, a car, a family, a career, and a bank account.
  What are you? Oh says right there, a coward.
23. Re: So bad it looks intentional by holophrastic · 2018-08-16 01:21 · Score: 1
  
  Yeah, they are "supposed" to be guarded and locked. And perhaps at night, when small departments are closed, they actually are. However, in reality, they are in-use all day, and no one's going to sit there and lock and unlock and lock and unlock the same filing cabinet hundreds of times every day. No one's going to fabricate a dozen keys to the same cabinet for the dozen users either.
  And filing cabinet locks aren't exactly secure to begin with. Nor are the cabinet walls.
24. Re:So bad it looks intentional by Anonymous Coward · 2018-08-16 01:22 · Score: 0
  
  I just don't buy this as simple and frighting negligence. And where are the pen tests? I call shenanigans!
  Really? Because time and time again we see that companies put out shitty products with zero security, and then act all surprised they get hacked.
  Medical devices, security cameras, pretty much any Internet of Turds stuff, consumer electronics ... this shit gets pushed out with little or no security, default passwords, backdoors, malware, and everything else.
  I'm perfectly willing to believe the companies who make these are too lazy/incompetent to do security, and make products which are "easy" for people to use but which utterly fail at basic security.
  Why am I willing to believe this? Because we see news stories at least weekly about this shit.
  There doesn't need to be a conspiracy or shenanigans when we see time and time again just how bad companies are at putting security into their products.
25. Re: So bad it looks intentional by Anonymous Coward · 2018-08-16 02:27 · Score: 0
  
  "Me tossing dandelion seeds onto your lawn at midnight leaves a trail?" yes because i have video cameras
  "Me, with a small pocket knife in a crowded sidewalk stabbing you and walking away with the crowd leaves a trail? I wear gloves for half the year around here."
  Yes, closed circuit cameras in most public areas will find the first bread crumbs of a trail
  "Dropping debris onto the highway leaves a trail?"
  Most highways have cameras for traffic reporting and dash cams are starting to be a major thing
  "My unplugging your air conditioner? Or stuffing a banana into your tailpipe, or into your furnace exhaust?"
  yet again, home security cameras
  "You either catch me doing it while I'm doing it, or I'm gone, never to be found. Same with wifi hacking -- presuming any degree of nearby."
  NOPE! see the problem lies in the fact that you are cherry picking scenarios where cameras can catch you every time because you are physically interacting with the object being tampered with. you're are also forgetting to consider all the other physical evidence that you could potentially be leaving in each one of those scenarios. When it comes to hacking things over WiFi there is no physical interaction and thus easier to do with out leaving a trail.
  "The costs to securing a bodycam is effectively astronomical. Either you're removing features of convenience -- which then costs personnel to support -- or you're updating and maintaining and patching that security as a matter of routine -- which also costs personnel to support. In either case, you then need an office or workbench for said personnel and devices, along with procedures and workflows and supervision."
  The costs are not astronomical and clearly you have no idea about what the costs actually are. the problem lies in the trading of convenience for security but there in lies the rub, all of the personnel you have quoted as added costs already exist to enforce the chain of custody with respect to evidence and at most you would be creating another position or two per division.
  "Without security, the body cam never needs to leave the uniform. Its content is accessed remotely, as needed, by the personnel who already need it. Done."
  It can also be accessed and modified by people who have interest in making it in admissible in court, so sure it might not be an issue for the average street collar but for the big cases like drug and human trafficking it could mean that charges get dropped in court. Those bad guys make enough money that having a hacker around on a regular basis would be considered an operating expense and would not eat into the profits too much (these are people who pay millions for single use subs)
  "It's just not worth securing most things. We're the only consumer industry that touts security as the answer to crime.
  Your grocery store doesn't have a cage stopping you from stealing fruit. They even put some of that fruit on a stand OUTSIDE the store, in the parking lot!"
  Your grocery store has CAMERAS! security happens in layers and clearly you know nothing about it as you continually cherry pick your results with out thinking about it, one of the biggest security devices for physical objects is a camera. the problem with digital devices is there is no need to be physically interacting with the device to mess with it and when the cameras are prone to digital manipulation then it just eliminates that layer of security from physical items.
  Please just stop, your fantasy examples are poorly thought out and logically unsound. Clearly your understanding of security is misguided as you seem to believe in total security or none at all except that is not how things work in the real world. Take your car example from a previous post, sure there is no security keeping you from turning your car into oncoming traffic but there is clearly a need for security to keep a third party from hacking your car and doing the same thing.
  Just remember, when it comes to physical items there is always a trail to follow as physical evidence is much easier to find than digital evidence.
  personally i would expect more from a 6digit UID
26. Re: So bad it looks intentional by holophrastic · 2018-08-16 02:46 · Score: 1
  
  Cameras are defeated very very easily. Between a mask, crowds, and a long silent get-away, it's over.
  Here's what a six-digit uid gets you. Home cameras aren't for robbery prevention, and they aren't for security. They are to prove to the insurance company that you were robbed. That's it.
  Another six-digit story.
  I was driving, in a minivan, with my family, downtown, in traffic, stopped at a red light, third-car back. a big ugly sedan came up behind us, mounted the sidewalk, side-swiped my van, drove over a lawn, and turned the corner, all at real speed (~40 mph). Immediately behind it was a police car, which did the same (without side-swiping us). Two hours later, we were at the collision reporting section (such damaged is covered, after all) discussing what happened. The officer said they got away. The bad guys ditched the car a block later, and (in the officer's words) "turned their backwards hats around, and disappeared into the night-time restaurant crowds".
  They store a big car, and were chased by a police car not ten feet off their rear bumper. There were at least three passengers.
  Everything that you've said is absolutely true. Unfortunately, while every crime CAN be solved, I'll even give you that absolute, the resource costs, financial costs, and opportunity costs just don't make it feasible.
  That's what a six-digit uid gives you. It gives you the pattern recognition to see just how many times all of this has happened and been said oh so many times before.
  I don't need to prove to anyone that bodycams can't be secured. I just need to show you that there are hundreds of similar scenarios that have gone awry in my own lifetime. This is just yet one more.
  Now, tell me, how would you stop someone in a rural area from poisoning a farmer's corn? How many people could that kill? I promise, there are no cameras in the middle of nowhere farm land, and no humans either -- for miles.
27. Re:So bad it looks intentional by Anonymous Coward · 2018-08-16 03:23 · Score: 0
  
  Got any more anecdotes and exceptions to the rule?
28. Re: So bad it looks intentional by sarren1901 · 2018-08-16 04:21 · Score: 1
  
  But the grocery store does tend to put expensive liquor in a lock box and we most certainly keep the controlled drugs behind the counter in the pharmacy. We even lock up most of our baby formula. Sure, we have a few containers of each on the shelf but if someone needs more then 3 they have to come ask at the front desk.
  Retail puts razor blade packages in these turn-style things that make lots of noise when you get one. It's tedious to get one out and everyone is aware you are doing it. The idea would be if someone was getting lots of them out an employee would hopefully notice and say something.
  So security is not entirely an afterthought. We have money pickup at grocery stores too. An armored truck shows up with an armed guard that brings petty cash and coin and takes away our deposits.
  Police body cams really don't need much security. Some, sure. Ideally they should not have network interfaces. A usb cable or docking station for the camera after each shift would be fine. The police themselves already provide physical security which is most of what is needed on a device that can't network.
  Shame that isn't what the vendors sold the police.
29. Re: So bad it looks intentional by holophrastic · 2018-08-16 04:41 · Score: 1
  
  agreed on all but your last point.
  anything requiring "more" work, of any kind, would be refused. police got sold a system that is being used. that's a win.
  i wouldn't be surprised to learn that officers refused to plug in a usb after each shift: "we stow our guns, and we go home to our families. it's always a long and dangerous day, and it's already one more device to be carried around. i already don't want it."
  and i wouldn't blame them either.
30. Re:So bad it looks intentional by Anonymous Coward · 2018-08-16 07:52 · Score: 0
  
  Got more stupidity?
  The point that he was getting to, is that you can secure this stuff and many people do. A lot of it isn't even that hard to give reasonable security, but people are super cheap and lazy.
  To give you another anecdote which you claim to love... All "critical parts" of my house are covered by bio-metric locks, with security cameras, logging mechanisms, alarms, etc... With multiple levels of security. Not impossible to get past certainly, but you wouldn't manage to get anywhere with super simple means and avoid leaving clear and obvious evidence.
  holophrastic was just justifying his lazy ass ways.
31. Re: So bad it looks intentional by robsku · 2018-08-17 02:43 · Score: 1
  
  What's your point, that's what I'm wondering?
  
  --
  In capitalist USA corporations control the government.
32. Re: So bad it looks intentional by holophrastic · 2018-08-17 15:02 · Score: 1
  
  My point is that security isn't a realistically practical solution to these problems. Law enforcement is.
WiFi? by YrWrstNtmr · 2018-08-15 12:54 · Score: 2

Why in the name of FSM are these things WiFi enabled? Why is that circuitry in there?

On, record, download later.
1. Re:WiFi? by fyngyrz · 2018-08-15 13:01 · Score: 4, Funny
  
  Why in the name of FSM are these things WiFi enabled? Why is that circuitry in there?
  Supervisor / lawyer / etc.: We need the bodycam footage
  Cop: Um, dropped it in the canal / off a cliff / lost it by accident, sorry, storage and camera lost
  Judge: Case decided in favor of cop's verbal testimony
  ...that's why.
  
  --
  I've fallen off your lawn, and I can't get up.
2. Re:WiFi? by Aristos+Mazer · 2018-08-15 15:37 · Score: 1
  
  mod parent up!
3. Re:WiFi? by Calydor · 2018-08-15 17:02 · Score: 1
  
  You mean the wi-fi enabled thumbdrive I accidentally lost over the edge of a cliff into a canal can still be recovered? AWESOME!
  
  --
  -=This sig has nothing to do with my comment. Move along now=-
4. Re:WiFi? by Anonymous Coward · 2018-08-15 21:13 · Score: 0
  
  How does WiFi fix that problem?
  I'm not sure a WiFi enabled bodycam at the bottom of a cliff / canal is any more help to a Judge than a non-WiFi enabled one.
  If that truly is the risk, then they shouldn't be WiFi enabled but connect to the phone network to periodically (ideally constantly - but network may not permit) upload to some secure server.
5. Re: WiFi? by c6gunner · 2018-08-15 21:42 · Score: 1
  
  How does WiFi fix that problem?
  Depends on the specifics, but, for example, the camera could be rigged to automatically transfer footage to the onboard computers in the police car. It's much harder to explain how you lost your cruiser off a cliff.
6. Re:WiFi? by AmiMoJo · 2018-08-15 22:16 · Score: 1
  
  They saw Zero Dark Thirty and thought it would be really cool if they could see their troops^H^H^H^H^H officers' video feeds in real time like Delta Force.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
7. Re:WiFi? by Anonymous Coward · 2018-08-16 10:21 · Score: 0
  
  Why in the name of FSM are these things WiFi enabled? Why is that circuitry in there?
  Supervisor / lawyer / etc.: We need the bodycam footage
  Cop: Um, dropped it in the canal / off a cliff / lost it by accident, sorry, storage and camera lost
  Judge: Case decided in favor of cop's verbal testimony
  ...that's why.
  Come on, that happens with our without WiFi.
Digital Existensialism. by TigerPlish · 2018-08-15 13:01 · Score: 1

Yeah. Now you really can't trust what you're shown, or what your e-books tell you.
It's a conspiracy nut's dream come true, and to the sane ones, this will be a total fucking nightmare, these next few decades.
If the Industrial Revolutions were a nightmare for most, and the post-war world a nightmare again, those will seem like rosy times, I think. What's coming is bound to be absolutely frightening. Post-truth. Post-reason. Ugh.

--
The "Civilized World" jumped the shark ca. 1973.
1. Re: Digital Existensialism. by Anonymous Coward · 2018-08-15 13:34 · Score: 0
  
  This will never be a post-war world until all life leaves it.
Trust by duke_cheetah2003 · 2018-08-15 13:20 · Score: 1

Is there anything left we can trust as reliable? In the age of fabricated just about anything.. in an age where computers can convincing super-impose faces on people in a video.. in an age where audio can be altered in any way you can imagine.. what can we trust anymore?
Starting to worry they'll hack our eyeballs and eardrums next. Nothing would surprise me at this point.
GITS by Anonymous Coward · 2018-08-15 13:24 · Score: 0

Instantly reminds me of Laughing Man from GITS
This just in by holophrastic · 2018-08-15 13:29 · Score: 1

"hackers" can insert or change files in filing cabinets throughout virtually every police station!
last I checked, this would fall under obstruction of justice, at the very least.
it's not surprising that criminals can perform crimes.
start arresting them.
1. Re:This just in by Anonymous Coward · 2018-08-15 17:28 · Score: 0
  
  I suppose you’d be fine if your bank started giving access to accounts with no verification of identity required. It’s illegal to withdraw money from someone’s account without their permission. Why waste resources on security when we can just have the police arrest anyone who violates the “honor system”?
  Maybe your health care providers can similarly streamline their operations and store your records with no protection other than the fearsome power of the Rule of Law. All these security features just add friction and drive up costs.
2. Re:This just in by holophrastic · 2018-08-16 01:14 · Score: 1
  
  My health care system actually does work that way. Does yours need to verify your identity while you're unconscious and bleeding to death?
I am not a computer engineer... by argStyopa · 2018-08-15 13:33 · Score: 2

...but seriously, what the ever-living fuck?
I mean, does anyone designing mission-critical shit ever think of this crap? It's not like wireless hacking was invented yesterday.
Maybe police body cams should be recording into an encrypted drive and simultaneously streaming to a drive sealed away in a black box in the cop car for error checking? And have NO ability to adjust the system in any way but with physical contact with some sort of unique dongle that registers infallibly when it's been used.

--
-Styopa
1. Re:I am not a computer engineer... by Anonymous Coward · 2018-08-15 15:09 · Score: 0
  
  Most police also download and old buggy police app for their phone - that allows their IT secirity to trace it, remote it, and wipe it and probably more. So a few drug cartels hang about coordination points so they can give tip off to planned busts. It will get better now wifi protocols have new fatal cve's. Many refused the free iPhone offer, and they did not like it when I said it works on my Samsung or no deal - even stanger because only some models.
  Maybe they should upload an an episode of Keystone cops so send the message loud and clear. Also dealers have frequency counters, a useful device to sense tactical messages when bust teams are close. Now they pack techno trash that paints a bullseye on their backs. Well done central purchasing.
2. Re:I am not a computer engineer... by DethLok · 2018-08-15 21:38 · Score: 1
  
  The thing I find amazing is that the cameras would EVER be connected to the internet!
  What possible reason does a POLICE body camera have to connect to the internet??
3. Re:I am not a computer engineer... by Anonymous Coward · 2018-08-16 02:33 · Score: 0
  
  The thing I find amazing is that the cameras would EVER be connected to the internet!
  What possible reason does a POLICE body camera have to connect to the internet??
  Who said anything about connecting to the internet?
4. Re:I am not a computer engineer... by tehcyder · 2018-08-16 03:01 · Score: 1
  
  What possible reason does a POLICE body camera have to connect to the internet??
  Well, so it can download security updates of course.
  
  --
  To have a right to do a thing is not at all the same as to be right in doing it
5. Re:I am not a computer engineer... by DethLok · 2018-08-19 23:30 · Score: 1
  
  Oh, well, that makes perfect sense, sorry for asking! :)
You get what you pay for. by Anonymous Coward · 2018-08-15 13:58 · Score: 0

Lowest bidder wins gov't contract... Shitty product!
1. Re:You get what you pay for. by Anonymous Coward · 2018-08-15 21:44 · Score: 0
  
  Which is why government should specify useful features. If they want wifi on a cop camera, then it should use some sort of encryption and authentication.
  Otherwise, well-organized crime like mafia will have an app that logs onto nearby cop cameras, turn them off & erase the evidence. So no footage of pro cop killers. No footage of that dope deal - a cop saw something but all other witnesses says something else.
Re:Just create a law prohibiting hacking the devic by ma1wrbu5tr · 2018-08-15 14:09 · Score: 1

Noice

--
Why can't we go back to using jumpers to configure slot adapter cards? Why? I say!
Re:Just create a law prohibiting hacking the devic by Anonymous Coward · 2018-08-15 14:14 · Score: 0

We can call it the P.A.T.S.I. law or the (Police Anti-Tampering Security Intervention)
Upgrade fees by Anonymous Coward · 2018-08-15 14:31 · Score: 0

Careful on Single source supply. Interoperability might be more expensive in near term but will help bring costs down mid term.
Wow Police Videos Hacked by WindowsStar · 2018-08-15 14:57 · Score: 1

So all those police videos of the police beating, kicking, shooting, and treating someone badly are all fake! Wow! ""Sarcasm"". If the hacking is that easy then why do we have so many police abuse videos, shouldn't we have none?
1. Re:Wow Police Videos Hacked by Anonymous Coward · 2018-08-15 15:10 · Score: 0
  
  those are from bystanders and witnesses; because we already know cops turn off the cameras when they don't want their actions recorded (or turn them on when they're finding planted evidence that they do want 'on tape')
2. Re: Wow Police Videos Hacked by Anonymous Coward · 2018-08-15 22:29 · Score: 1
  
  These cameras usually record a 30 second video (no audio) continously before they are 'turned on'
  Of course, the lens could be 'accidentally' covered during the cop's misdeed.
Lock her up! by Anonymous Coward · 2018-08-15 14:58 · Score: 0

I toldja it's totally rigged, believe me! I did nothing, absoluuutely nothing! It's all fake footage. I did not attend that meeting; what you see on the video is a deeply state fake!
So what? by Harlequin80 · 2018-08-15 15:30 · Score: 3, Insightful

Officer is on duty. Something royally hits the fan and is captured on bodycam. Within a very short space of time, while still on the scene, the body cam is shut down and stored in an evidence bag. The providence of that evidence is documented and recorded.
From this point onwards the camera is powered off in a sealed tamper proof bag. It is then returned to the station and signed for. The bag is opened and the video is transferred to the storage system. Most likely the camera storage card is then also put into an evidence bag and sealed.
So where does the ability to hack these camera matter? You aren't editing the footage in any way during this window.
Just because a hack is possible doesn't mean there is a usage case for it.
Lets say you upload malware. Who cares. You manage to take out a camera or 2 before they get cleaned. meh.
1. Re:So what? by nasch · 2018-08-15 16:41 · Score: 3, Insightful
  
  Is that actually how the cameras are treated, or just how we wish they were?
2. Re:So what? by Anonymous Coward · 2018-08-15 16:57 · Score: 0
  
  Officer is on duty. Something royally hits the fan and is captured on bodycam.
  Or would have been, except the body cam was disabled.
  Maybe by a civilian directly involved. Maybe by the officer because he is crooked. Maybe by a third party for any number of reasons.
  
  So where does the ability to hack these camera matter? You aren't editing the footage in any way during this window.
  Maybe the hacked evidence just modified audio that would appear to originate off camera. Much easier to muddy the waters that way than doctoring video.
3. Re:So what? by Harlequin80 · 2018-08-15 18:08 · Score: 5, Informative
  
  I don't know about US rules but it is under the rules for body cameras in Queensland, Australia.
  There are currently ~12k police officers in QLD and ~3k body cameras available. The rules in QLD are"Unless impractical, when an officer is carrying a BWC, the device is to be recording prior to and during the exercising of a police power under legislation; or applying a use of force."
  The policy goes on to define that in more detail, but it boils down to "if you are interacting or likely to interact with the public in any way have it turned on"
  The particular cameras they use are also running all the time. But they only begin storing once the officer presses record. What they do have is a 30 second buffer built in, so that it will store the 30s prior to the "start" click.
  The cameras have seemed to work at calming everyone down. There has been less assaults on police, less complaints against police, and higher charge to guilty ratio.
  One particularly interesting thing is that the body cams are not mandatory, but the officers are choosing to wear them. Especially when they are operating in the entertainment districts.
4. Re:So what? by Anonymous Coward · 2018-08-15 19:26 · Score: 0
  
  Especially when they are operating in the entertainment districts.
  I'm going to sit in this dark, locked room for a while to, um, "review" the evidence...
5. Re:So what? by AmiMoJo · 2018-08-15 22:23 · Score: 2
  
  Cops turn up for a bust, but their ad-hoc wifi networks give them away.
  Cops are conducting an operation and their ad-hoc wifi gets hacked, destroying evidence and exposing their unpatched Windows machines at the station to malware. Ransomware encrypts all their evidence files.
  Cop does something illegal, decides they need to erase the bodycam footage.
  Criminal does something illegal, decides they need to erase the bodycam footage.
  Criminal exploits the insecure firmware update mechanism to load malware that disables the camera when certain wifi SSIDs are detected.
  Criminal creates fake footage framing cops/rivals and plants it on police bodycam.
  Criminal decides to brick all police bodycams with a bad firmware update.
  That's just off the top of my head.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
6. Re:So what? by drew_kime · 2018-08-16 02:50 · Score: 1
  
  The particular cameras they use are also running all the time. But they only begin storing once the officer presses record. What they do have is a 30 second buffer built in, so that it will store the 30s prior to the "start" click.
  Most sports cameras support loop record mode. Use that and you'll always have the last X minutes before it was shut off, up to memory card capacity. There's literally no valid reason for body cams to not be in this mode in normal use.
  
  --
  Nope, no sig
7. Re:So what? by Anonymous Coward · 2018-08-16 03:25 · Score: 0
  
  Just FYI standard SD cards won't hold up long doing that... most people only run thier sports cameras for short times.
  This issue occurs alot with dash cams as they almost always loop records and thus require SD cards designed for that abuse.
  Even high endurance cards are only good for 5-10k hours about 6months at 40hours a week. https://www.amazon.com/SanDisk-Endurance-Monitoring-Adapter-SDSDQQ-032G-G46A/dp/B00V5Q1K3O
8. Re:So what? by drew_kime · 2018-08-16 03:35 · Score: 1
  
  Even high endurance cards are only good for 5-10k hours about 6months at 40hours a week. https://www.amazon.com/SanDisk...
  $20 every six months is easily covered by a single instance where video evidence shortens a court case.
  
  --
  Nope, no sig
9. Re:So what? by wolfgang_spangler · 2018-08-16 04:57 · Score: 1
  
  You are missing a lot of the things that can be done.
  1: Malware can be installed on the camera. Not to infect the camera, but to infect the police station where the evidence is synced. This gives access to the evidence store.
  2: These act as beacons for exact locations for police. This puts them in danger. Bad guys get a beacon when the camera is there and on, and can even live stream what the camera sees.
  3: Fake evidence can be uploaded to a camera within range. An ANTIFA member could fake a police brutality case, and upload it to the camera, make a claim and point to the footage as evidence.
  4: Video files can be edited, and still show a valid signature because the checks are conducted in the wrong places.
  5: Every single time a crime is committed that the video is used for evidence for, the camera is simply NOT treated like you have stated. If it were, police would have to bag their camera after every single interaction. Every time the camera is on, evidence can be wiped, altered, or fake evidence implanted.
  This isn't theoretical, but was all demonstrated. You can say 'meh' but you clearly haven't thought this through.
10. Re: So what? by Anonymous Coward · 2018-08-16 05:47 · Score: 0
  
  This 10000x btw I'm @bx_lr on twitrer
11. Re:So what? by Anonymous Coward · 2018-08-16 09:05 · Score: 0
  
  I have had some experience with body cams in the US. I'm sure there are many models and options, but the LE group I worked with wanted wireless so that the video would transfer without user intervention on return to station. In other words, there is no expectation that the video is stored locally on the camera beyond while an officer is out. The video evidence is on a (hopefully) secured system. There is no "tag and bag" of the camera or a storage card -- if there was a significant event they would want it on their server ASAP.
  Either way, in principle malware is significant issue that you just blow off. For example, adding malicious code to a video so that it compromises whatever views it. Not funny at all.
  You also seem to think that there is no window of opportunity for tampering when there is plenty of time, starting from an incident (whether or not anyone realizes there is an incident, e.g., tampering with footage while nothing untoward is happening) to when the video footage is secured. I'm not sure why you think a remote hack would be bothered by your sealed, tamper proof bag. Do you not understand the "remote" part of "remote hacking"?
  Yes, body cams *demonstrably* have been for the better. Departments with better reputations *want* them (primarily because it makes it easier to toss frivolous complaints about police behavior). But that doesn't mean they should be insecure or couldn't be made better.
12. Re:So what? by Harlequin80 · 2018-08-16 12:40 · Score: 1
  
  With the bag and tag I was referring to major incident. In my jurisdiction that is any event where a weapon in drawn. The cameras are not treated that way for minor incidents. But minor incidents are generally not what we are concerned about.
  Regarding malware into a video that would require a whole additional layer of compromise. You are talking a 2nd hack on top of the first. And frankly a malware that infects machines out of a standard mp4 or avi is way way scarier than this.
  How do you remote hack a camera that is off? You wouldn't leave it running inside an evidence bag.....
13. Re:So what? by robsku · 2018-08-17 04:22 · Score: 1
  
  Deleting the footage is just one of many things one could do.
  
  --
  In capitalist USA corporations control the government.
See It's TOO HARD to Police The Police! by Anonymous Coward · 2018-08-15 15:32 · Score: 0

So DON'T EVEN TRY...
Love, The Police State
Who is Dr Footage? by Anonymous Coward · 2018-08-15 15:51 · Score: 0

This sounds interesting, hmmm?
But at least... by GerryGilmore · 2018-08-15 16:26 · Score: 1

they're not susceptible to Spectre/Meltdown! Based on the latest /. postings regarding S/M, if I'm not freaking out about it, all my passwords are stolen!!
It's not a bug by petes_PoV · 2018-08-15 20:18 · Score: 1

Police Bodycams Can Be Hacked To Doctor Footage
It's a feature.

--
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
Enough ti e for deep fakes? by Anonymous Coward · 2018-08-15 22:23 · Score: 0

How would a hacker be able to download the video, deep fake it, then reupload the file in the time your typical officer is at the crime scene?
Most likely scenerio is that the files simply get erased and the flash memory overwritten with garbage.
ARREST HIM FFS by jbmartin6 · 2018-08-16 00:29 · Score: 1

This Doctor Footage has been getting away with murder for decades. Why don't they just arrest him for Pete's sake?

--
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.