Why These Police Body Cams Are Vulnerable to Hacking
A security consultant says many popular police body cam brands are vulnerable to remote digital attacks that could allow a hacker to track their location or manipulate footage.
Though police-worn body cams are generally seen as a positive, new research has brought to light some startling news. The software used for many popular police body cam brands are vulnerable to remote digital attacks, including ones that could result in the modification of captured footage, according to a security consultant.
Josh Mitchell, a consultant at security firm Nuix, analyzed five body camera models from companies that market their devices to law enforcement groups in the United States. He claims all of the devices he tested had security issues that could allow a hacker to track their location or manipulate the software, reports Wired.
Mitchell also found that in all but one of the devices, certain vulnerabilities in the software allows for hackers to delete footage altogether or download and edit footage and then re-upload it, leaving behind no signs of a change.
Furthermore, Mitchell alleges some of the sophisticated models that contain radios for Bluetooth or cellular data connectivity have weaknesses that can allow hackers to stream live footage of the cameras.
“With some of these vulnerabilities — it’s just appalling,” said Mitchell. “I approached this research by trying to find industry trends that are prevalent across multiple devices. There are issues for each of the five devices I looked at that are specific to that device, but there are also trends in general across all of them. They are missing many modern mitigations and defenses.”
Mitchell fears the vulnerabilities may put law enforcement officials at risk. Many body cameras use predictable identifiers, allowing for a hacker with a long-range antenna to track police locations.
For example, said Mitchell, since body cameras are often only activated when police carry out certain operations, someone may recognize ten body cameras all activated in one localized area as a sign of a potential raid.
Additionally, Mitchell said the bodycams don’t have a cryptographic mechanism to confirm the validity of the video files. Consequently, when the devices sync with a cloud server or PC, there is no way to know that the camera footage is intact.
“I haven’t seen a single video file that’s digitally signed,” Mitchell said. “These videos can be as powerful as something like DNA evidence, but if they’re not properly protected there’s the potential that the footage could be modified or replaced. I can connect to the cameras, log in, view media, modify media, make changes to the file structures. Those are big issues.”
Mitchell shared his findings with the five businesses and is currently working with some of them to address the security issues.
“It’s a complex ecosystem and there are a lot of devices out there with a lot of problems,” Mitchell added. “These are full-featured computers walking around on your chest, and they have all of the issues that go along with that.”
Editor’s Note: This story first ran in Security Sales and Integration’s sister publication Campus Safety.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.
A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!
What were the 5 brands tested and the flaws per brand?