Hackers Can Edit Police Body Cam Footage Without Anybody Noticing
Police body camera footage is touted as objective and transparent by law enforcement agencies, but a security researcher demonstrated how easy it is to manipulate and access body camera footage.
A VieVu camera on an NYPD cop. Image: Getty
Over the last decade or so, body cameras have been increasingly adopted by police agencies and touted as an effort to increase transparency in America's law enforcement agencies. In theory, body cameras can act as an “objective” third party during police encounters with civilians, thereby protecting civilians from excessive use of force and protecting police departments from unfounded claims of abuse.
There is scant evidence to suggest that body cameras limit the use of force or complaints about use of force, however, and now even their ability to faithfully record a police interaction is being cast into doubt. On Saturday Josh Mitchell, a cybersecurity consultant at Nuix, gave a presentation at DefCon, an annual hacker conference in Las Vegas, that demonstrated just how easy it is to manipulate the footage from police body cameras.
Mitchell demonstrated security vulnerabilities in five different police body cameras—Vievu, Patrol Eyes, Fire Cam, Digital Ally and CeeSc—and showed how a hacker could manipulate or delete footage and associated metadata (such as the location, time, and date where the video was shot) as well as expose police officers to tracking and surveillance.
For starters, none of the cameras demoed by Mitchell used cryptographic keys to ensure that the software and data on the device were not altered. This means that if an attacker gained access to the camera, either physically or by remotely exploiting vulnerabilities in the desktop applications used to interface with them, they would be able upload malicious software and the device would run it without any indication that something was wrong, opening the door for the manipulation or outright deletion of data on the device.
Even more troubling is the fact that the videos themselves aren’t cryptographically signed to verify their integrity. This means that a hacker can potentially plant or manipulate video files on the device and there’s no way for the software to tell that this isn’t the video actually shot by the camera when it’s being uploaded to the cloud or a PC by police officers.
Mitchell showed how the cameras also expose police officers to risk. With the exception of the CeeSc, all the cameras analyzed by Mitchell have WiFi capability. This is a feature meant to allow police officers to easily upload footage from the cameras to mobile stations in their vehicle. Yet this same feature also allows anyone with a WiFi receiver to track cops wearing body cameras.
One way to do this is by looking for MAC addresses—unique IDs associated with devices that are able to connect to networks—associated with the body cameras. It’s becoming common practice among manufacturers to randomize the MAC addresses for devices to make them harder to identify for any attacker that might be lurking in a network. Yet as Mitchell discovered, the MAC addresses broadcast by police body cameras use predictable formats. This means that anyone within WiFi range of the body camera will not only be able to tell that there is a cop with a camera nearby, but also the number of cops and the type of cameras being used by the officers.
"In the military and a very important and often overlooked thing is the ability to locate something in the field and be able to identify the emitter and platform,” Mitchell said during his talk. “Here the platform is the police and the emitter is the camera, and as a bad guy you might want to know that.”
Furthermore, the Vievu devices are able to act as WiFi access points on their own, which means that other devices can use the body camera to connect to the same network. Due to the lack of adequate authentication protocols for devices connecting to these private networks, this means that anyone with a WiFi-capable device can theoretically gain access to the camera’s data.
Another troubling aspect of VieVu’s wireless features, however, is that it can be turned into a livestream device by anyone with sufficiently powerful WiFi antenna. While this has been touted as a feature by the leading body camera manufacturer Axon, the livestream was only supposed to be available to the officers, not anyone with an antenna. Mitchell concluded his DefCon talk by demonstrating how easy it is to connect to the VieVu and start streaming footage from the camera remotely.
“The manufacturers like to say well, [the WiFi] is only supposed to work right [around the camera],” Mitchell said. “Yeah, because we all know WiFi antennas can’t pick up stuff from a miles away, which was demonstrated years ago. So if you want to live stream some video from a police officer whenever you want, well, that’s a feature.”
As body cameras proliferate in police departments around the world, auditing the technology for security vulnerabilities is critical to prevent the miscarriage of justice. It’s easy to treat video evidence as objective, but Mitchell’s research on body camera interfaces is a sobering reminder that even technology made by security firms can be woefully insecure.