Police Bodycams Can Be Hacked To Doctor Footage, Install Malware

AmiMoJo shares a report from Boing Boing: Josh Mitchell's Defcon presentation analyzes the security of five popular brands of police bodycams (Vievu, Patrol Eyes, Fire Cam, Digital Ally, and CeeSc) and reveals that they are universally terrible. All the devices use predictable network addresses that can be used to remotely sense and identify the cameras when they switch on. None of the devices use code-signing. Some of the devices can form ad-hoc Wi-Fi networks to bridge in other devices, but they don't authenticate these sign-ons, so you can just connect with a laptop and start raiding the network for accessible filesystems and gank or alter videos, or just drop malware on them.

So bad it looks intentional

[kaptink]

I find it interesting that important, critical even, systems such as police bodycams and election voting machines in this age appear to have almost an intentional absence of any sort of integrity mechanisms. And can quite literally be manipulated in minutes with next to no effort. These flaws are not complex. They are things that should be picked up by even the technically absent as just looking at the system overviews - no encryption, no signing, ineffective and easily bypassible authentication (if any) as obvious caveats to a resilient system. I just don't buy this as simple and frighting negligence. And where are the pen tests? I call shenanigans!

Re:So bad it looks intentional

Niche companies seeking high profit margins on lowball government contracts by skipping features that customer does not understand?

I'm shocked!