Slashdot Mirror

← Back to Stories (view on slashdot.org)

Police Bodycams Can Be Hacked To Doctor Footage, Install Malware (boingboing.net)

Posted by BeauHD on from the eminently-hackable dept.

AmiMoJo shares a report from Boing Boing: Josh Mitchell's Defcon presentation analyzes the security of five popular brands of police bodycams (Vievu, Patrol Eyes, Fire Cam, Digital Ally, and CeeSc) and reveals that they are universally terrible. All the devices use predictable network addresses that can be used to remotely sense and identify the cameras when they switch on. None of the devices use code-signing. Some of the devices can form ad-hoc Wi-Fi networks to bridge in other devices, but they don't authenticate these sign-ons, so you can just connect with a laptop and start raiding the network for accessible filesystems and gank or alter videos, or just drop malware on them.

6 of 104 comments (clear)

  1. Re:Early Warning System by HornWumpus · · Score: 3, Insightful

    The police lawyers will now make all the video inadmissible, as they could have been altered.

    Bet there was no contract provision for not idiotically easy to own. It sounds like they just lifted the video code from a _cheap_ drone.

    --
    John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
  2. So bad it looks intentional by kaptink · · Score: 4, Insightful

    I find it interesting that important, critical even, systems such as police bodycams and election voting machines in this age appear to have almost an intentional absence of any sort of integrity mechanisms. And can quite literally be manipulated in minutes with next to no effort. These flaws are not complex. They are things that should be picked up by even the technically absent as just looking at the system overviews - no encryption, no signing, ineffective and easily bypassible authentication (if any) as obvious caveats to a resilient system. I just don't buy this as simple and frighting negligence. And where are the pen tests? I call shenanigans!

    --
    Those who can, do. Those who cannot, sue.
    1. Re:So bad it looks intentional by Anonymous Coward · · Score: 4, Insightful

      Niche companies seeking high profit margins on lowball government contracts by skipping features that customer does not understand?

      I'm shocked!

    2. Re:So bad it looks intentional by Solandri · · Score: 3, Insightful

      It's just the pick two rule. You can have these things made good, fast, or cheap - pick two.

      Invariably, the first adopters pick "fast" and "cheap". The incentive to pick "good" doesn't appear until after a few catastrophic failure cases result in large negative consequences (bad publicity, loss of your job, government regulation, jail time) for failing to pick "good".

  3. So what? by Harlequin80 · · Score: 3, Insightful

    Officer is on duty. Something royally hits the fan and is captured on bodycam. Within a very short space of time, while still on the scene, the body cam is shut down and stored in an evidence bag. The providence of that evidence is documented and recorded.

    From this point onwards the camera is powered off in a sealed tamper proof bag. It is then returned to the station and signed for. The bag is opened and the video is transferred to the storage system. Most likely the camera storage card is then also put into an evidence bag and sealed.

    So where does the ability to hack these camera matter? You aren't editing the footage in any way during this window.

    Just because a hack is possible doesn't mean there is a usage case for it.

    Lets say you upload malware. Who cares. You manage to take out a camera or 2 before they get cleaned. meh.

    1. Re:So what? by nasch · · Score: 3, Insightful

      Is that actually how the cameras are treated, or just how we wish they were?