With local governments in the U.S. planning to make body cams mandatory for police officers, concerns about data safety and security have arisen after a cyber-security expert demonstrated how body cams can be used by hackers to fulfill their devious purposes.
Governments are mulling body cams as a means to make the police accountable for their actions, specifically to stop police from abusing their power and victimizing innocent citizens. And although various studies suggest that abuse from police officers is not reduced even with the use of body cams, the footage can provide the victims sufficient proof to take unlawful officers to court.
However, cybersecurity expert Josh Mitchell from Nuix recently exposed the various ways body cams can be misused by hackers. And a big danger is in the form of footage modification in which a hacker can get into a secure body cam and alter the recorded footage as per their needs.
“These videos can be as powerful as something like DNA evidence, but if they’re not properly protected there’s the potential that the footage could be modified or replaced. I can connect to the cameras, login, view media, modify media, make changes to the file structures. Those are big issues,” Mitchell is quoted by Gizmodo.
The body cam models used by Mitchell for the exposé included those that are specifically aimed at law enforcement, like Patrol Eyes, CeeSc, Digital Ally, Axon’s Vievu, and so on. In most of the cases, Mitchell was able to show the security vulnerabilities of these models by hacking into them and making changes to file structures, deleting footage, editing objects completely out, etc.
In addition to the risk of being hacked by a third party, body cams were also at risk from negligent and poor personal security measures of those who wear them. It was discovered that most officers used the default credentials to access the data of the devices, which makes it very easy for others to get ahold of the stored data. No cryptographic protections were used in any of the body cams.
Another issue that stood out was that the officers never signed off any of the footage. This is a serious problem since any footage that has not been signed cannot be properly validated. And this would bring the authenticity of the video footage into question, destroying the chances of it being used as acceptable proof in a court of law.
Most of the models also had Wi-Fi capabilities. However, officers failed in properly masking the IP addresses of the body cams. This makes the devices easy to track by a hacker, thereby giving away the position of the officers in the middle of sensitive operations. Hackers could also upload malware into the body cams and crash the devices.
After Mitchell disclosed the vulnerabilities of the body cams, several companies started creating patches for them. Patrol Eyes is reportedly checking on Mitchell’s findings while Axon is developing a fix for the bugs on its Vievu model. The devices still need to be updated with modern protection measures to make them impervious to outside influence.