UPDATED 21:44 EDT / AUGUST 13 2018

INFRA

Researcher finds leading police body cameras can be easily hacked

A demonstration at the Def Con hacker convention in Las Vegas over the weekend showed that body cameras that are increasingly becoming popular with U.S. police forces can be hacked and footage stolen or replaced.

The revelation came via security researcher Josh Mitchell, who analyzed five body camera models from five different companies: Vievu LLC, Patrol Eyes, Fire Cam, Digital Ally Inc. and CeeSc, all companies that pitch body cameras to law enforcement bodies for use by police officers.

In his presentation, Mitchell said that all of the models of body cameras he had studied had vulnerabilities. With the exception of the Digital Ally device, the vulnerabilities allow a hacker to download footage off a camera, edit things out or make modifications, and then upload it again with no record of the change.

All of the devices allow a hacker to track the location of the camera and manipulate the software they run.

The ease of hacking is attributed to poor security, including the use of mundane and easy-to-guess network addresses as well as a failure to use cryptographic mechanisms to confirm that firmware updates or uploaded videos are legitimate.

“With some of these vulnerabilities — it’s just appalling,” Mitchell told Wired. “These videos can be as powerful as something like DNA evidence, but if they’re not properly protected there’s the potential that the footage could be modified or replaced. I can connect to the cameras, log in, view media, modify media, make changes to the file structures. Those are big issues.”

Mitchell also warned that in addition to the issues around the manipulation of footage, the body cameras could also serve as a potential gateway to introduce malware into police networks that could lead to ransomware attacks, data theft and cryptojacking.

The global body-worn camera market is expected to grow to aboout $990 million by 2023, according to Market Research Future, and the market has already seen its share of acquisitions and mergers. Given that the primary consumers in the space are law enforcement, it would logically suggest that security should be a high priority, but so far it appears that it’s anything but.

Photo: Tony Webster/Wikimedia Commons

Since you’re here …

… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.

Cookies

We employ the use of cookies. Find out more.