Last week a number of Security On-Demand teammates attended “Hacker Summer Camp,” otherwise known as DEFCON. To help share what they learned, we are going to post a series of short articles highlighting their interests. These topics do not always align with Security On-Demand’s primary business offerings; however, they are very interesting cybersecurity topics and advancements that are significant to the global and local community, the cybersecurity industry, and individual security and privacy. We hope you find them engaging, educational, and even actionable.
“Ridealong Adventures – Critical Issues with Police Body Cameras” – Presenter: Josh Mitchell
By Melanie Thomas, Cybersecurity Project Manager
Reviewing his in-depth research into police body cameras, presenter Josh Mitchell provided a compelling analysis of the critical (and very exploitable) vulnerabilities in five popular models of police body cameras. He originally researched seven, which leads one to wonder why two were requested to be removed from his presentation. Mr. Mitchell is a Principal Cybersecurity Consultant with Nuix with over 11 years of experience in reverse engineering, exploit development, and vulnerability discovery. Researching complex security issues is his specialty; however, during his presentation, it didn’t seem that exploiting these cameras was very difficult.
The body cameras varied in manufacturer, supporting technologies, and design, as well as in how the video data itself is stored. Several of the units had Wi-Fi and 3G/4G LTE capabilities, allowing them to connect not only to other devices paired within an officer’s vehicle, but also to the controlling server for location tracking, live video feeds, and video uploading. As these communications were not secured, anyone familiar with these capabilities will find that they are all easily accessible to a hacker with purpose.
The body camera units and videos were also tied to phone and desktop applications. Using documentation for these devices (and even just a Google search), Josh was able to easily find the default usernames and passwords, as well as other details such as the specific number of characters allowed for a password (a PatrolEyes password specifically has to be 6 characters). In one model, a user is able to telnet into the device as root, and in a few others, a user can pull a device config and see in decrypted text the username, password, and the Wi-Fi pre-shared key. Some vendors even proudly list on their websites the law enforcement organizations that use their devices.
Why is this concerning? At the base of this author’s concern is the simple fact that these videos can be used in a court of law as credible evidence, as accepted by the presiding judge. Without stringent security protecting the integrity of the camera itself, the transfer method, and the storage medium, and controlling access to them, body camera footage used as evidence could be tampered with or altered. Imagine the scenario where an altered video causes an unjust guilty verdict for an innocent person. It undermines the credibility of the justice system. This could also lead to hacking of law enforcement servers and release of the videos to the public, potentially impacting current or future court proceedings or violating protected or confidential interactions. Once in these servers or other devices connected to the cameras, a malicious intruder can then let their imagination roll (but we will hope they exercise reasonable restraint).
While this type of breach has not occurred to the public’s knowledge, or perhaps no event worth tracing down has come to fruition, it may only be a matter of time. With the ability to alter the videos themselves, upload false or malicious files, and live stream a body camera, an intruder, with or without malicious intent, can easily compromise potential evidence. The law enforcement body camera industry has gained significant popularity within the past few years, but without proper oversight and security processes, body cameras may become more of a risk and vulnerability than an aid to the criminal justice system.
Josh Mitchell’s presentation is currently available on GitHub under bx-lr/presentations for DefCon 2018.
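The tampering scenarios described above (altered videos, falsely uploaded files) are what an integrity check on the receiving server is meant to catch. The sketch below is an added example, not code from the presentation or from any camera vendor: it chains an HMAC-SHA256 tag over each clip so edits, injected files and reordering are all flagged. The key, clip names, manifest layout and function names are assumptions made for illustration.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # chain start value (constructed for this example)

def _tag(key, seq, name, data, prev):
    """HMAC over sequence number, clip name, content hash and the previous tag."""
    name_b = name.encode()
    msg = (seq.to_bytes(8, "big") + len(name_b).to_bytes(2, "big") + name_b
           + hashlib.sha256(data).digest() + prev)
    return hmac.new(key, msg, hashlib.sha256).digest()

def build_manifest(key, clips):
    """Run at recording time: one chained tag per clip, in capture order."""
    manifest, prev = [], GENESIS
    for seq, (name, data) in enumerate(clips):
        prev = _tag(key, seq, name, data, prev)
        manifest.append({"seq": seq, "name": name, "tag": prev.hex()})
    return manifest

def verify_footage(key, manifest, clips):
    """Run on the evidence server: return integrity findings (empty list = intact)."""
    findings = []
    if len(clips) != len(manifest):
        findings.append(f"clip count {len(clips)} != manifest count {len(manifest)}")
    prev = GENESIS
    for seq, (entry, (name, data)) in enumerate(zip(manifest, clips)):
        recorded = bytes.fromhex(entry["tag"])
        if not hmac.compare_digest(_tag(key, seq, name, data, prev), recorded):
            findings.append(f"seq {seq} ({name}): altered, renamed or out of order")
        prev = recorded  # chain from the recorded tag so one bad clip yields one finding
    return findings

# Constructed sample data: a hypothetical per-device key and three short "clips".
KEY = b"example-device-key-not-a-real-secret"
CLIPS = [("clip_000.mp4", b"frame-data-A"), ("clip_001.mp4", b"frame-data-B"),
         ("clip_002.mp4", b"frame-data-C")]
MANIFEST = build_manifest(KEY, CLIPS)

if __name__ == "__main__":
    tampered = [CLIPS[0], ("clip_001.mp4", b"frame-data-EDITED"), CLIPS[2]]
    injected = CLIPS + [("clip_003.mp4", b"uploaded-by-intruder")]
    for label, clips in (("intact", CLIPS), ("tampered", tampered), ("injected", injected)):
        print(label, verify_footage(KEY, MANIFEST, clips))
```

Removing trailing clips together with their manifest entries is not detected by the chain alone, so the final tag or clip count has to be recorded somewhere the camera-side attacker cannot reach. A shared HMAC key also lets the verifier forge tags; an asymmetric signature made with a device-held private key avoids that.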
Lane, L. (2017, March 20). Body Camera Footage Plays a Vital Role as Evidence. Retrieved August 15, 2018 from http://www.govtech.com/public-safety/Body-Cameras-Play-Vital-Role-as-Evidence.html
Mitchell, J. (n.d.). About [LinkedIn Page]. Retrieved August 15, 2018 from https://www.linkedin.com/in/josh-mitchell-0990ba6a/
Mitchell, J. (2018, August 11). Ride Along Adventures – Critical Issues with Police Body Cameras. Retrieved from https://github.com/bx-lr/presentations/blob/master/defcon_2018/Ride_Along_Adventures_8_11_18_v1.pdf