Police Bodycams Can Be Hacked To Doctor Footage, Install Malware

AmiMoJo shares a report from Boing Boing: Josh Mitchell's Defcon presentation analyzes the security of five popular brands of police bodycams (Vievu, Patrol Eyes, Fire Cam, Digital Ally, and CeeSc) and reveals that they are universally terrible. All the devices use predictable network addresses that can be used to remotely sense and identify the cameras when they switch on. None of the devices use code-signing. Some of the devices can form ad-hoc Wi-Fi networks to bridge in other devices, but they don't authenticate these sign-ons, so you can just connect with a laptop and start raiding the network for accessible filesystems and gank or alter videos, or just drop malware on them.

Re:So what?

[Harlequin80]

I don't know about US rules but it is under the rules for body cameras in Queensland, Australia.

There are currently ~12k police officers in QLD and ~3k body cameras available. The rules in QLD are"Unless impractical, when an officer is carrying a BWC, the device is to be recording prior to and during the exercising of a police power under legislation; or applying a use of force."

The policy goes on to define that in more detail, but it boils down to "if you are interacting or likely to interact with the public in any way have it turned on"

The particular cameras they use are also running all the time. But they only begin storing once the officer presses record. What they do have is a 30 second buffer built in, so that it will store the 30s prior to the "start" click.

The cameras have seemed to work at calming everyone down. There has been less assaults on police, less complaints against police, and higher charge to guilty ratio.

One particularly interesting thing is that the body cams are not mandatory, but the officers are choosing to wear them. Especially when they are operating in the entertainment districts.