Police Bodycams Can Be Hacked To Doctor Footage, Install Malware (boingboing.net) 104
AmiMoJo shares a report from Boing Boing: Josh Mitchell's Defcon presentation analyzes the security of five popular brands of police bodycams (Vievu, Patrol Eyes, Fire Cam, Digital Ally, and CeeSc) and reveals that they are universally terrible. All the devices use predictable network addresses that can be used to remotely sense and identify the cameras when they switch on. None of the devices use code-signing. Some of the devices can form ad-hoc Wi-Fi networks to bridge in other devices, but they don't authenticate these sign-ons, so you can just connect with a laptop and start raiding the network for accessible filesystems and gank or alter videos, or just drop malware on them.
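The summary describes footage that can be altered with nothing on the device to reveal the change. As an added example (not from the presentation or any vendor), the sketch below shows a chained manifest that makes edited, deleted or truncated recording segments detectable on the evidence server. HMAC-SHA256 with a shared key stands in for an asymmetric signature so the code needs only the standard library; the key, device ID and segment bytes are constructed.

```python
import hashlib
import hmac

def _mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def seal(segments, key, device_id):
    """Camera side: tag each segment as it is written; every tag covers the previous one."""
    prev = _mac(key, b"start", device_id.encode())
    tags = []
    for i, data in enumerate(segments):
        prev = _mac(key, prev, i.to_bytes(4, "big"), hashlib.sha256(data).digest())
        tags.append(prev.hex())
    # The closing tag binds the segment count, so dropping the tail is detectable.
    final = _mac(key, prev, b"end", len(tags).to_bytes(4, "big")).hex()
    return {"device": device_id, "tags": tags, "final": final}

def _unhex(value):
    """Decode a hex tag; a malformed tag becomes empty bytes and fails verification."""
    try:
        return bytes.fromhex(value)
    except (TypeError, ValueError):
        return b""

def verify(segments, manifest, key):
    """Evidence-server side: return a list of problems; an empty list means intact."""
    problems = []
    start = _mac(key, b"start", manifest["device"].encode())
    tags = manifest["tags"]
    if len(segments) != len(tags):
        problems.append(f"{len(segments)} segments present, {len(tags)} tags in manifest")
    prev = start
    for i, (data, tag_hex) in enumerate(zip(segments, tags)):
        expected = _mac(key, prev, i.to_bytes(4, "big"), hashlib.sha256(data).digest())
        if not hmac.compare_digest(expected, _unhex(tag_hex)):
            problems.append(f"segment {i}: altered, reordered or spliced")
        # Continue from the sealed tag so one bad segment does not mask later ones.
        prev = _unhex(tag_hex)
    chain_end = _unhex(tags[-1]) if tags else start
    expected_final = _mac(key, chain_end, b"end", len(tags).to_bytes(4, "big"))
    if not hmac.compare_digest(expected_final, _unhex(manifest["final"])):
        problems.append("manifest truncated, extended or sealed with another key")
    return problems

# Constructed sample data: a placeholder key and three stand-in video segments.
KEY = b"constructed-demo-key-not-a-real-secret"
SEGMENTS = [b"segment-0 video bytes", b"segment-1 video bytes", b"segment-2 video bytes"]
MANIFEST = seal(SEGMENTS, KEY, "CAM-EXAMPLE-01")

if __name__ == "__main__":
    print("intact:  ", verify(SEGMENTS, MANIFEST, KEY))
    doctored = [SEGMENTS[0], b"replaced footage", SEGMENTS[2]]
    print("doctored:", verify(doctored, MANIFEST, KEY))
    cut = dict(MANIFEST, tags=[MANIFEST["tags"][0], MANIFEST["tags"][2]])
    print("cut:     ", verify([SEGMENTS[0], SEGMENTS[2]], cut, KEY))
```

A shared key only helps if it is held where the person handling the camera cannot read it; a per-device asymmetric key in hardware removes that dependency.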
Just create a law prohibiting hacking the devices! (Score:1)
Just create a law that prohibits anyone from hacking these cameras -- problem solved! // sarcasm.
Hack the Police, ch-ch-ch-ch--ch! (Score:3, Funny)
I hacked the sheriff, but I did not wipe his bodycam... ooo oooo
Early Warning System (Score:4, Funny)
Need to know if there are any cops around for your illegal business? Don't worry, you can just set up a wifi scanner on your phone to alert you when a cop's camera comes within range! Effective at least a couple hundred meters and probably up to a km!
Government purchase contracts and decision-making have a poor reputation for a reason. This is just yet another example in a very long list.
Re:Early Warning System (Score:4, Insightful)
The police lawyers will now make all the video inadmissible, as they could have been altered.
Bet there was no contract provision for not idiotically easy to own. It sounds like they just lifted the video code from a _cheap_ drone.
Re: Early Warning System (Score:3)
Sounds like the cameras are working as intended, then.
That is to say, police behave better when the cameras are on, which is why the significant majority of cases are found to support police actions.
Homer: Not a bear in sight. The Bear Patrol must be working like a charm.
Lisa: That's specious reasoning, Dad.
Homer: Thank you, dear.
Lisa: By your logic I could claim that this rock keeps tigers away.
Homer: Oh, how does it work?
Lisa: It doesn't work.
Homer: Uh-huh.
Lisa: It's just a stupid rock.
Homer: Uh-huh.
Lisa: But I don't see any tigers around, do you?
[Homer thinks of this, then pulls out some money]
Homer: Lisa, I want to buy your rock.
Re: (Score:2)
police behave better when the cameras are on
Exactly, when they are on and not turned off moments before they shoot the unarmed suspect in the back.
Re: (Score:3)
Haven't studies shown that the people with whom the police are engaging also behave better when the cameras are on?
Re: (Score:1)
I believe this is correct. Everyone behaves just a tad bit more when they know they are being filmed. This is why I support having EVERY cop wearing one.
Less confrontation all around, makes everyone's life easier.
Re: (Score:2)
Need to know if there are any cops around for your illegal business? Don't worry, you can just set up a wifi scanner on your phone to alert you when a cop's camera comes within range!
That also works with some of those "smart gun" systems the gun controllers try to foist on the public, to "keep the gun from being used by anyone but the owner".
Of course what's more fun (for the crookies) is to jam / DoS them, so the guns don't work for the cops, either. (Just like they fail when the batteries run down and the
Re: (Score:2)
Need to know if there are any cops around for your illegal business? Don't worry, you can just set up a wifi scanner on your phone to alert you when a cop's camera comes within range! Effective at least a couple hundred meters and probably up to a km!
Government purchase contracts and decision-making have a poor reputation for a reason. This is just yet another example in a very long list.
What kind of wifi hardware are you using? I want some! Around here at least, you'd be lucky to get 50 meters of detectable signal. Realistically usable speeds at closer to 25.
I would bet that the radios in these bodycams are decidedly low power devices, and that means low range.
Re: (Score:2)
You're not trying to create a useful wifi connection to use their device as an access point, all you're trying to do is detect any of the frames they're routinely transmitting and check the MAC address against a list of who the manufacturer is.
You aren't having a conversation and you don't need to transmit to detect, so you can just boost what you're receiving enough to get about a 5x increase for detection-only range (depending on other interference on the same channel). If you want to go to something on y
cameras can be hacked (Score:2)
Hacking the camera itself is only one flaw
Any video that has been used in a court case must be preserved until all possible appeals have been exhausted. I'll bet it'd be a lot easier to doctor the photos after they've been viewed and claim the whole case is flawed.
As a precaution all police departments (Score:2)
If it's running code, it's vulnerable: film at 11 (Score:2)
However, generally the police have proven largely indifferent to technology so there are not that many coders among them apparently, and experts in video time sync and editing usually requires an apprenticeship and access to expensive software that a cop on the beat is unlikely to conjure up.
So bad it looks intentional (Score:5, Insightful)
I find it interesting that important, critical even, systems such as police bodycams and election voting machines in this age appear to have almost an intentional absence of any sort of integrity mechanisms. And can quite literally be manipulated in minutes with next to no effort. These flaws are not complex. They are things that should be picked up by even the technically absent as just looking at the system overviews - no encryption, no signing, ineffective and easily bypassable authentication (if any) as obvious caveats to a resilient system. I just don't buy this as simple and frightening negligence. And where are the pen tests? I call shenanigans!
Re:So bad it looks intentional (Score:4, Insightful)
Niche companies seeking high profit margins on lowball government contracts by skipping features that customer does not understand?
I'm shocked!
Re: (Score:2)
Your house is about as critical as it gets for your life. Most locks are defeatable with a plastic card. Deadbolts are defeatable with lock picks.
Neither matters because you have glass windows.
Maybe you have ugly steel bars on your windows. You have none around your air conditioner. In fact, your air conditioner likely has shut-off switch right outside where anyone can simply turn it off with the flip of a switch.
But a lack of air conditioning doesn't cause death in this country. So how about that cons
Re: So bad it looks intentional (Score:1)
uh, wtf are u on about
Re: (Score:2)
This is the only industry that thinks security should be everywhere. Absolutely no other consumer-based industry cares about security at all.
Nothing stops my car from driving into another car on the highway. There is no security. We call it laws. We enforce laws.
We don't stop anyone from hurting anyone else with a knife. Hell, you can walk down the street with a baseball bat over your shoulder, ready to swing. You can kill anyone with one swing to the head.
We don't complain that baseball bats should c
Re: (Score:3)
That works well unless it's fairly easy to tamper with the cameras without leaving a trail. I'm guessing it's easy. It's a lot harder to commit all those other crimes without leaving any evidence, and anyway there are security measures to prevent many of them besides. Laws and security are not mutually exclusive.
Re: (Score:2)
Me tossing dandelion seeds onto your lawn at midnight leaves a trail?
Me, with a small pocket knife in a crowded sidewalk stabbing you and walking away with the crowd leaves a trail? I wear gloves for half the year around here.
Dropping debris onto the highway leaves a trail?
My unplugging your air conditioner? Or stuffing a banana into your tailpipe, or into your furnace exhaust?
You either catch me doing it while I'm doing it, or I'm gone, never to be found. Same with wifi hacking -- presuming any degree o
Re: (Score:2)
I described the immense amount of resources to secure bodycams. Perhaps you didn't read them.
They were:
IT personnel
IT workspace
Device storage space
IT procedures
IT training
IT supervision
HR support of IT
Tech support
In most businesses today, I can't think of a department that costs more than the IT department.
Re: (Score:2)
Cameras are defeated very very easily. Between a mask, crowds, and a long silent get-away, it's over.
Here's what a six-digit uid gets you. Home cameras aren't for robbery prevention, and they aren't for security. They are to prove to the insurance company that you were robbed. That's it.
Another six-digit story.
I was driving, in a minivan, with my family, downtown, in traffic, stopped at a red light, third-car back. a big ugly sedan came up behind us, mounted the sidewalk, side-swiped my van, drove over
Re: (Score:2)
What's your point, that's what I'm wondering?
Re: (Score:2)
My point is that security isn't a realistically practical solution to these problems. Law enforcement is.
Re: (Score:1)
But the grocery store does tend to put expensive liquor in a lock box and we most certainly keep the controlled drugs behind the counter in the pharmacy. We even lock up most of our baby formula. Sure, we have a few containers of each on the shelf but if someone needs more than 3 they have to come ask at the front desk.
Retail puts razor blade packages in these turnstile things that make lots of noise when you get one. It's tedious to get one out and everyone is aware you are doing it. The idea would be if
Re: (Score:2)
agreed on all but your last point.
anything requiring "more" work, of any kind, would be refused. police got sold a system that is being used. that's a win.
i wouldn't be surprised to learn that officers refused to plug in a usb after each shift: "we stow our guns, and we go home to our families. it's always a long and dangerous day, and it's already one more device to be carried around. i already don't want it."
and i wouldn't blame them either.
Re: So bad it looks intentional (Score:2)
You can kill anyone with one swing to the head.
You've obviously never met Pope Ratso.
Re: (Score:2)
Demanding security in bodycams is like demanding security in filing cabinets.
You mean the guarded locked filing cabinets used to hold evidence in criminal cases?
Good call, that's a sound precedent.
(Only sensible thing you've said all day but even idiots get lucky sometimes.)
Re: (Score:2)
Yeah, they are "supposed" to be guarded and locked. And perhaps at night, when small departments are closed, they actually are. However, in reality, they are in-use all day, and no one's going to sit there and lock and unlock and lock and unlock the same filing cabinet hundreds of times every day. No one's going to fabricate a dozen keys to the same cabinet for the dozen users either.
And filing cabinet locks aren't exactly secure to begin with. Nor are the cabinet walls.
Re: (Score:2)
Sorry, I don't know what that is. I'm just a 40-year old, with a house, a car, a family, a career, and a bank account.
What are you? Oh says right there, a coward.
Re: (Score:2)
Most locks are defeatable with a plastic card.
Not the ones in my house. I'm sure a skilled lock picker could eventually open them, but it'd take them a while.
Neither matters because you have glass windows.
Nope.
Maybe you have ugly steel bars on your windows
Nope.
You have none around your air conditioner. In fact, your air conditioner likely has shut-off switch right outside where anyone can simply turn it off with the flip of a switch.
I don't have an air conditioner.
So how about that conspicuously white vent sticking out of your house? You know, the one from your furnace? The one carrying toxic fumes? What stops any passer-by from shoving a sock in there
The extremely long ladder they'd need to reach it.
and just killing you in your sleep?
My boiler malfunctioned and started putting out lethal doses of carbon monoxide. The levels that put people unconscious in seconds, kill them a minute later.
I didn't notice. I installed it in a well ventilated space and the boiler engineer only noticed the emissions when he hooked up his test equipment.
How much do you trust your carbon monoxide detector?
I do
Re:So bad it looks intentional (Score:4, Insightful)
Invariably, the first adopters pick "fast" and "cheap". The incentive to pick "good" doesn't appear until after a few catastrophic failure cases result in large negative consequences (bad publicity, loss of your job, government regulation, jail time) for failing to pick "good".
Re: (Score:2)
I'm a product engineer and I can tell you exactly how this happens without any deliberate malice. It's just pure incompetence.
Company sees a new market opening up due to improvements in battery and camera technology. Asks engineering staff to develop a bodycam. Market dictates the prices. Sales people dictate the features, like ad-hoc wifi that "just works". Support people demand that it's easy to support, e.g. hard coded root password and one click firmware updates.
Engineering department duly notes that th
Re: (Score:2)
I find it interesting that important, critical even, systems such as police bodycams and election voting machines in this age appear to have almost an intentional absence of any sort of integrity mechanisms.
Even more infuriating to me is that these devices do not implement even basic security measures, but smartphones have gotten progressively more difficult to root - signed bootloaders and eFuses make it onto devices consumers pay for, but they're absent from devices explicitly intended to ensure security?
These measures are even more present in digital slot machines, where firmware needs to be byte-for-byte what has been approved by regulators...meaning that gambling has greater protection than voting.
The onl
WiFi? (Score:3)
On, record, download later.
Re:WiFi? (Score:5, Funny)
Supervisor / lawyer / etc.: We need the bodycam footage
Cop: Um, dropped it in the canal / off a cliff / lost it by accident, sorry, storage and camera lost
Judge: Case decided in favor of cop's verbal testimony
Re: (Score:2)
You mean the wi-fi enabled thumbdrive I accidentally lost over the edge of a cliff into a canal can still be recovered? AWESOME!
Re: WiFi? (Score:2)
How does WiFi fix that problem?
Depends on the specifics, but, for example, the camera could be rigged to automatically transfer footage to the onboard computers in the police car. It's much harder to explain how you lost your cruiser off a cliff.
Re: (Score:2)
They saw Zero Dark Thirty and thought it would be really cool if they could see their troops^H^H^H^H^H officers' video feeds in real time like Delta Force.
Digital Existentialism. (Score:2)
Yeah. Now you really can't trust what you're shown, or what your e-books tell you.
It's a conspiracy nut's dream come true, and to the sane ones, this will be a total fucking nightmare, these next few decades.
If the Industrial Revolutions were a nightmare for most, and the post-war world a nightmare again, those will seem like rosy times, I think. What's coming is bound to be absolutely frightening. Post-truth. Post-reason. Ugh.
Trust (Score:2)
Is there anything left we can trust as reliable? In the age of fabricated just about anything.. in an age where computers can convincingly superimpose faces on people in a video.. in an age where audio can be altered in any way you can imagine.. what can we trust anymore?
Starting to worry they'll hack our eyeballs and eardrums next. Nothing would surprise me at this point.
This just in (Score:2)
"hackers" can insert or change files in filing cabinets throughout virtually every police station!
last I checked, this would fall under obstruction of justice, at the very least.
it's not surprising that criminals can perform crimes.
start arresting them.
Re: (Score:2)
My health care system actually does work that way. Does yours need to verify your identity while you're unconscious and bleeding to death?
I am not a computer engineer... (Score:3)
...but seriously, what the ever-living fuck?
I mean, does anyone designing mission-critical shit ever think of this crap? It's not like wireless hacking was invented yesterday.
Maybe police body cams should be recording into an encrypted drive and simultaneously streaming to a drive sealed away in a black box in the cop car for error checking? And have NO ability to adjust the system in any way but with physical contact with some sort of unique dongle that registers infallibly when it's been used.
Re: (Score:1)
The thing I find amazing is that the cameras would EVER be connected to the internet!
What possible reason does a POLICE body camera have to connect to the internet??
Re: (Score:2)
What possible reason does a POLICE body camera have to connect to the internet??
Well, so it can download security updates of course.
Re: (Score:1)
Oh, well, that makes perfect sense, sorry for asking! :)
Wow Police Videos Hacked (Score:1)
Re: Wow Police Videos Hacked (Score:1)
These cameras usually record a 30 second video (no audio) continuously before they are 'turned on'
Of course, the lens could be 'accidentally' covered during the cop's misdeed.
So what? (Score:4, Insightful)
Officer is on duty. Something royally hits the fan and is captured on bodycam. Within a very short space of time, while still on the scene, the body cam is shut down and stored in an evidence bag. The provenance of that evidence is documented and recorded.
From this point onwards the camera is powered off in a sealed tamper proof bag. It is then returned to the station and signed for. The bag is opened and the video is transferred to the storage system. Most likely the camera storage card is then also put into an evidence bag and sealed.
So where does the ability to hack these cameras matter? You aren't editing the footage in any way during this window.
Just because a hack is possible doesn't mean there is a usage case for it.
Let's say you upload malware. Who cares. You manage to take out a camera or 2 before they get cleaned. meh.
Re:So what? (Score:4, Insightful)
Is that actually how the cameras are treated, or just how we wish they were?
Re:So what? (Score:5, Informative)
I don't know about US rules but it is under the rules for body cameras in Queensland, Australia.
There are currently ~12k police officers in QLD and ~3k body cameras available. The rules in QLD are "Unless impractical, when an officer is carrying a BWC, the device is to be recording prior to and during the exercising of a police power under legislation; or applying a use of force."
The policy goes on to define that in more detail, but it boils down to "if you are interacting or likely to interact with the public in any way have it turned on"
The particular cameras they use are also running all the time. But they only begin storing once the officer presses record. What they do have is a 30 second buffer built in, so that it will store the 30s prior to the "start" click.
The cameras have seemed to work at calming everyone down. There have been fewer assaults on police, fewer complaints against police, and a higher charge to guilty ratio.
One particularly interesting thing is that the body cams are not mandatory, but the officers are choosing to wear them. Especially when they are operating in the entertainment districts.
Re: (Score:2)
The particular cameras they use are also running all the time. But they only begin storing once the officer presses record. What they do have is a 30 second buffer built in, so that it will store the 30s prior to the "start" click.
Most sports cameras support loop record mode [hedcamz.com]. Use that and you'll always have the last X minutes before it was shut off, up to memory card capacity. There's literally no valid reason for body cams to not be in this mode in normal use.
Re: (Score:2)
Even high endurance cards are only good for 5-10k hours, about 6 months at 40 hours a week. https://www.amazon.com/SanDisk... [amazon.com]
$20 every six months is easily covered by a single instance where video evidence shortens a court case.
Re: (Score:2)
With the bag and tag I was referring to major incident. In my jurisdiction that is any event where a weapon is drawn. The cameras are not treated that way for minor incidents. But minor incidents are generally not what we are concerned about.
Regarding malware into a video that would require a whole additional layer of compromise. You are talking a 2nd hack on top of the first. And frankly a malware that infects machines out of a standard mp4 or avi is way way scarier than this.
How do you remote hack a c
Re: (Score:3)
Cops turn up for a bust, but their ad-hoc wifi networks give them away.
Cops are conducting an operation and their ad-hoc wifi gets hacked, destroying evidence and exposing their unpatched Windows machines at the station to malware. Ransomware encrypts all their evidence files.
Cop does something illegal, decides they need to erase the bodycam footage.
Criminal does something illegal, decides they need to erase the bodycam footage.
Criminal exploits the insecure firmware update mechanism to load malware that di
Re: (Score:2)
You are missing a lot of the things that can be done.
1: Malware can be installed on the camera. Not to infect the camera, but to infect the police station where the evidence is synced. This gives access to the evidence store.
2: These act as beacons for exact locations for police. This puts them in danger. Bad guys get a beacon when the camera is there and on, and can even live stream what the camera sees.
3: Fake evidence can be uploaded to a camera within range. An ANTIFA member could fake a police bru
Re: (Score:2)
Deleting the footage is just one of many things one could do.
But at least... (Score:2)
It's not a bug (Score:2)
Police Bodycams Can Be Hacked To Doctor Footage
It's a feature.
ARREST HIM FFS (Score:2)