Slashdot Mirror

← Back to Stories (view on slashdot.org)

Police Bodycams Can Be Hacked To Doctor Footage, Install Malware (boingboing.net)

Posted by BeauHD on from the eminently-hackable dept.

AmiMoJo shares a report from Boing Boing: Josh Mitchell's Defcon presentation analyzes the security of five popular brands of police bodycams (Vievu, Patrol Eyes, Fire Cam, Digital Ally, and CeeSc) and reveals that they are universally terrible. All the devices use predictable network addresses that can be used to remotely sense and identify the cameras when they switch on. None of the devices use code-signing. Some of the devices can form ad-hoc Wi-Fi networks to bridge in other devices, but they don't authenticate these sign-ons, so you can just connect with a laptop and start raiding the network for accessible filesystems and gank or alter videos, or just drop malware on them.

4 of 104 comments (clear)

  1. So bad it looks intentional by kaptink · · Score: 4, Insightful

    I find it interesting that important, critical even, systems such as police bodycams and election voting machines in this age appear to have almost an intentional absence of any sort of integrity mechanisms. And can quite literally be manipulated in minutes with next to no effort. These flaws are not complex. They are things that should be picked up by even the technically absent as just looking at the system overviews - no encryption, no signing, ineffective and easily bypassible authentication (if any) as obvious caveats to a resilient system. I just don't buy this as simple and frighting negligence. And where are the pen tests? I call shenanigans!

    --
    Those who can, do. Those who cannot, sue.
    1. Re:So bad it looks intentional by Anonymous Coward · · Score: 4, Insightful

      Niche companies seeking high profit margins on lowball government contracts by skipping features that customer does not understand?

      I'm shocked!

  2. Re:WiFi? by fyngyrz · · Score: 4, Funny

    Why in the name of FSM are these things WiFi enabled? Why is that circuitry in there?

    Supervisor / lawyer / etc.: We need the bodycam footage
    Cop: Um, dropped it in the canal / off a cliff / lost it by accident, sorry, storage and camera lost
    Judge: Case decided in favor of cop's verbal testimony

    ...that's why.

    --
    I've fallen off your lawn, and I can't get up.
  3. Re:So what? by Harlequin80 · · Score: 5, Informative

    I don't know about US rules but it is under the rules for body cameras in Queensland, Australia.

    There are currently ~12k police officers in QLD and ~3k body cameras available. The rules in QLD are"Unless impractical, when an officer is carrying a BWC, the device is to be recording prior to and during the exercising of a police power under legislation; or applying a use of force."

    The policy goes on to define that in more detail, but it boils down to "if you are interacting or likely to interact with the public in any way have it turned on"

    The particular cameras they use are also running all the time. But they only begin storing once the officer presses record. What they do have is a 30 second buffer built in, so that it will store the 30s prior to the "start" click.

    The cameras have seemed to work at calming everyone down. There has been less assaults on police, less complaints against police, and higher charge to guilty ratio.

    One particularly interesting thing is that the body cams are not mandatory, but the officers are choosing to wear them. Especially when they are operating in the entertainment districts.