When police body cameras first began to see widespread use, the case for them was clear: having a third-party digital witness involved in law enforcement scenarios provided a way to protect both perpetrator and officer and prevent the need to assess conflicting details when each party recounted the event.
But what if body cameras actually posed an enormous risk when it came to providing this reliable, unbiased footage? That’s exactly what one expert is saying.
A consultant named Josh Mitchell works for the security firm Nuix, and recently told Wired that he examined five major brands of security cameras for hacking vulnerability and each of them were like security “ticking time bombs.”
Mitchell says cameras from VIEVU, Patrol Eyes, Fire Cam, Digital Ally and CEESC are “full-feature computers walking around on your chest” and require the same kind of security mechanisms that would be necessary in any other critical setting. In the case of the body cameras, none of the manufacturers featured digital signatures on the uploaded footage. With no way to confirm whether the footage had been manipulated, Mitchell says hackers could download, edit and then re-upload the content without any sort of indication that it had been revised.
Malware could also make its way into these devices by way of hackers disguising their code as a software update, something the cameras seem to update without any necessary verification. Once “inside” these cameras, hackers could then easily gain access to entire police networks, says Mitchell.
The other big issue at hand is one that’s impacting almost all of IoT, says the report, and that’s a WiFi password that’s far too easily guessed.
Mitchell has since contacted the manufacturers of the cameras and one, VIEVU’s parent company Axon, says they are working to patch the vulnerabilities he’s identified.