Researchers demonstrated how easy it is to manipulate and access this footage
In recent years, police agencies have more adopted body chambers for their elements, promoting them as an effort to increase transparency in the tasks of U.S. law enforcement agencies. In theory, body cameras should act as a third party to provide an objective view during police clashes with civilians, thereby protecting civilians from excessive use of force and protecting police departments from unfounded claims of abuse.
However, there is little evidence to suggest that these devices limit the use of force or complaints about the use of force, and now experts even question their ability to record police tasks in a credible manner. Last Saturday, Josh Mitchell, a cyber security organization expert, offered a demonstration of how easy it is to manipulate the images of these cameras.
The cyber security organization expert demonstrated that there are vulnerabilities in five different models of these cameras: Vievu, Patrol Eyes, Fire Cam, Digital Ally and CeeSc, and showed how a hacker could manipulate or delete associated sequences and metadata (such as location, or time and date the video was recorded) and expose police officers to surveillance when they are off of their work.
Just to start, none of the analyzed models uses cryptographic keys to ensure that the software and data on the device are not altered. This means that if an attacker obtains access to the camera, physically or remotely exploiting the vulnerabilities, the attacker could inject malicious software and the device would run it without any signal that the camera has been compromised, allowing manipulation or data deleting on the device.
Even more disturbing is the fact that the videos themselves are not cryptographically signed to verify their integrity. This means that a hacker could plant or manipulate video files on the device and there is no way to verify that the video was not filmed by the police officers’ body camera.
Cyber security organization specialists from the International Institute of Cyber Security consider that as the use of these cameras increases in police departments around the world, auditing this technology for security vulnerabilities is fundamental to avoid mistakes. It is easy to think of video recordings as objective evidence, but this research is a reminder that even technology manufactured by security companies can be extremely insecure.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.