[post_ads]At Def Con this weekend, Josh Mitchell, a cybersecurity consultant with Nuix, showed how various models of body cameras
can be hacked, tracked and manipulated. Mitchell looked at devices
produced by five companies -- Vievu, Patrol Eyes, Fire Cam, Digital Ally
and CeeSc -- and found that they all had major security flaws, Wired reports. In four of the models, the flaws could allow an attacker to download footage, edit it and upload it again without evidence of any of those changes having occurred.
Additionally,
all five devices had vulnerabilities that could let an attacker track
their location or manipulate their software. In the latter's case, that
could include delivering malware to the device that might eventually
give an attacker access to a police network. Further, Mitchell found
that the devices lacked mechanisms to verify whether recorded
footage is intact, had unsecured WiFi access points and had WiFi radios
that gave away too much information about the devices themselves.
"With some of these vulnerabilities -- it's just appalling," Mitchell told Wired.
"These videos can be as powerful as something like DNA evidence, but if
they're not properly protected there's the potential that the footage
could be modified or replaced. I can connect to the cameras, log in,
view media, modify media, make changes to the file structures. Those are
big issues."
[post_ads_2]
In all, the findings point to a number of serious
flaws that could threaten the integrity of body camera footage and,
therefore, the whole point of body cameras themselves. "If there aren't
reliable ways of ensuring that such equipment meets strong security
standards, then something is deeply broken," ACLU Senior Policy Analyst
Jay Stanley told Wired. "No police equipment should be deployed that doesn't meet such standards." Mitchell told Wired that he notified the five body camera companies of the issues he discovered and is working with them to close the vulnerabilities.
COMMENTS