Skip to main content
  1. Home
  2. Emerging Tech
  3. News

Police body cams are scarily easy to hack into and manipulate, researcher finds

By

Although the jury’s still out on their effectiveness, body-worn cameras for police are generally viewed as a positive development. As part of an effort to make law enforcement more transparent, the hope is that they may be used to both protect civilians against excessive use of force, as well as safeguard police against unfounded complaints. But body cams are not infallible — as a security researcher recently revealed.

Speaking recently in Las Vegas at the annual hacker conference DefCon, Nuix cybersecurity expert Josh Mitchell demonstrated how it is possible to manipulate footage from police body cams. Mitchell’s demo used five different cameras — including Vievu, Patrol Eyes, Fire Cam, Digital Ally and CeeSc — and showcased how these could be hacked into and potentially altered. This could include deleting or altering footage or amending crucial metadata, including where and when footage was shot. It could also open the door to bad actors being able to track the location of police officers.

Recommended Videos

“I have uncovered that hacking [and] editing body camera footage is not just possible, but entirely too easy,” Mitchell told Digital Trends. “These systems have multiple unsecured attack points, and fail to have even the most basic security practices. One device allowed root telnet access without a password. I could replace videos on another device by simply using FTP to overwrite existing evidence files. The third device encrypted and password protected evidence files by using the file name as the encryption key. None of the devices I have tested digitally sign the evidence files. Furthermore, every device I have tested allows for unsecured firmware updates.”

For obvious reasons, this is bad news. Making it worse is the fact that the security vulnerabilities are not difficult to exploit. Mitchell was able to carry out his hacks without needing to develop any custom software. “The risks would be entirely dependent on the motivation of the individual to carry out the attack,” he said. “I would say that the impact and ease of exploitation are very high.”

Mitchell suggests several possible solutions to the problem, although implementing all of these would likely mean purchasing new devices. They include digitally signing all evidentiary information, digitally signing all device firmware, randomizing all SSID and MAC information, utilizing modern exploitation prevention mechanisms, and keeping bundled software up-to-date.

“Proactively, departments need to disable wireless connectivity,” he said, noting that this is not possible in all cases.

Topics
Luke Dormehl
Luke Dormehl
Former Digital Trends Contributor
I'm a UK-based tech writer covering Cool Tech at Digital Trends. I've also written for Fast Company, Wired, the Guardian…
BYD’s cheap EVs might remain out of Canada too
BYD Han

With Chinese-made electric vehicles facing stiff tariffs in both Europe and America, a stirring question for EV drivers has started to arise: Can the race to make EVs more affordable continue if the world leader is kept out of the race?

China’s BYD, recognized as a global leader in terms of affordability, had to backtrack on plans to reach the U.S. market after the Biden administration in May imposed 100% tariffs on EVs made in China.

Read more
Tesla posts exaggerate self-driving capacity, safety regulators say
Beta of Tesla's FSD in a car.

The National Highway Traffic Safety Administration (NHTSA) is concerned that Tesla’s use of social media and its website makes false promises about the automaker’s full-self driving (FSD) software.
The warning dates back from May, but was made public in an email to Tesla released on November 8.
The NHTSA opened an investigation in October into 2.4 million Tesla vehicles equipped with the FSD software, following three reported collisions and a fatal crash. The investigation centers on FSD’s ability to perform in “relatively common” reduced visibility conditions, such as sun glare, fog, and airborne dust.
In these instances, it appears that “the driver may not be aware that he or she is responsible” to make appropriate operational selections, or “fully understand” the nuances of the system, NHTSA said.
Meanwhile, “Tesla’s X (Twitter) account has reposted or endorsed postings that exhibit disengaged driver behavior,” Gregory Magno, the NHTSA’s vehicle defects chief investigator, wrote to Tesla in an email.
The postings, which included reposted YouTube videos, may encourage viewers to see FSD-supervised as a “Robotaxi” instead of a partially automated, driver-assist system that requires “persistent attention and intermittent intervention by the driver,” Magno said.
In one of a number of Tesla posts on X, the social media platform owned by Tesla CEO Elon Musk, a driver was seen using FSD to reach a hospital while undergoing a heart attack. In another post, a driver said he had used FSD for a 50-minute ride home. Meanwhile, third-party comments on the posts promoted the advantages of using FSD while under the influence of alcohol or when tired, NHTSA said.
Tesla’s official website also promotes conflicting messaging on the capabilities of the FSD software, the regulator said.
NHTSA has requested that Tesla revisit its communications to ensure its messaging remains consistent with FSD’s approved instructions, namely that the software provides only a driver assist/support system requiring drivers to remain vigilant and maintain constant readiness to intervene in driving.
Tesla last month unveiled the Cybercab, an autonomous-driving EV with no steering wheel or pedals. The vehicle has been promoted as a robotaxi, a self-driving vehicle operated as part of a ride-paying service, such as the one already offered by Alphabet-owned Waymo.
But Tesla’s self-driving technology has remained under the scrutiny of regulators. FSD relies on multiple onboard cameras to feed machine-learning models that, in turn, help the car make decisions based on what it sees.
Meanwhile, Waymo’s technology relies on premapped roads, sensors, cameras, radar, and lidar (a laser-light radar), which might be very costly, but has met the approval of safety regulators.

Read more
Waymo, Nexar present AI-based study to protect ‘vulnerable’ road users
waymo data vulnerable road users ml still 1 ea18c3

Robotaxi operator Waymo says its partnership with Nexar, a machine-learning tech firm dedicated to improving road safety, has yielded the largest dataset of its kind in the U.S., which will help inform the driving of its own automated vehicles.

As part of its latest research with Nexar, Waymo has reconstructed hundreds of crashes involving what it calls ‘vulnerable road users’ (VRUs), such as pedestrians walking through crosswalks, biyclists in city streets, or high-speed motorcycle riders on highways.

Read more