At Def Con this weekend, Josh Mitchell, a cybersecurity consultant with Nuix, showed how various mod
Mitchell looked at devices produced by five companies -- Vievu, Patrol Eyes, Fire Cam, Digital Ally and CeeSc -- and found that they all had major security flaws, Wired reports. In four of the models, the flaws could allow an attacker to download footage, edit it and upload it again without evidence of any of those changes having occurred.
Additionally, all five devices had vulnerabilities that could let an attacker track their location or manipulate their software. In the latter's case, that could include delivering malware to the device that might eventually give an attacker access to a police network. Further, Mitchell found that the devices lacked mechanisms to verify whether recorded footage is intact, had unsecured WiFi access points and had WiFi radios that gave away too much information about the devices themselves.
"With some of these vulnerabilities -- it's just appalling," Mitchell told Wired. "These videos can be as powerful as something like DNA evidence, but if they're not properly protected there's the potential that the footage could be modified or replaced. I can connect to the cameras, log in, view media, modify media, make changes to the file structures. Those are big issues."
In all, the findings point to a number of serious flaws that could threaten the integrity of body camera footage and, therefore, the whole point of body cameras themselves. "If there aren't reliable ways of ensuring that such equipment meets strong security standards, then something is deeply broken," ACLU Senior Policy Analyst Jay Stanley told Wired. "No police equipment should be deployed that doesn't meet such standards." Mitchell told Wired that he notified the five body camera companies of the issues he discovered and is working with them to close the vulnerabilities.