A security researcher from technology company Nuix revealed that police body cameras are easy to hack and manipulate.
Speaking at the DEFCON hacker conference in Las Vegas, cybersecurity expert Josh Mitchell demonstrated how to manipulate a footage from police body cams. The researcher used Vievu, Patrol Eyes, Fire Cam, Digital Ally, and CeeSc cameras to showcase the hack program. The hacking process included deleting or altering footage or amending crucial metadata, including where and when the footage was shot. The researcher also stated that it could help the bad actors to track the location of police officers.
“I have uncovered that hacking and editing body camera footage is not just possible, but entirely too easy,” Mitchell told in a media statement. “These systems have multiple unsecured attack points and fail to have even the most basic security practices. One device allowed root telnet access without a password. I could replace videos on another device by simply using FTP to overwrite existing evidence files. The third device encrypted and password protected evidence files by using the file name as the encryption key. None of the devices I have tested digitally sign the evidence files. Furthermore, every device I have tested allows for unsecured firmware updates.”
Mitchell carried out his hack program without using any custom software. “The risks would be entirely dependent on the motivation of the individual to carry out the attack. I would say that the impact and ease of exploitation are very high,” he added.
The researcher also suggested various prevention mechanisms like digitally signing all evidentiary information and device firmware, randomizing all SSID and MAC information, and keeping software up-to-date in order to mitigate the potential vulnerabilities.