Hacking Police Bodycams

Suprising no one, the security of police bodycams is terrible.

Mitchell even realized that because he can remotely access device storage on models like the Fire Cam OnCall, an attacker could potentially plant malware on some of the cameras. Then, when the camera connects to a PC for syncing, it could deliver all sorts of malicious code: a Windows exploit that could ultimately allow an attacker to gain remote access to the police network, ransomware to spread across the network and lock everything down, a worm that infiltrates the department's evidence servers and deletes everything, or even cryptojacking software to mine cryptocurrency using police computing resources. Even a body camera with no Wi-Fi connection, like the CeeSc, can be compromised if a hacker gets physical access. "You know not to trust thumb drives, but these things have the same ability," Mitchell says.

BoingBoing post.

Posted on August 15, 2018 at 6:04 AM • 25 Comments

Comments

chuckAugust 15, 2018 6:23 AM

Speaking of body-cams in general. I believe they create an asymmetric advantage for the cops: they record when it's convenient, turn of when it's not beneficial to their cause.

I think the proper procedure should be this: unless the whole encounter is fully recorded and proven unaltered, any doubt has to be for the benefit of the other party (not cops). So broken camera? Tough luck. Out of battery? Case thrown out. And so on.

echoAugust 15, 2018 7:21 AM

I agree. I have seen with my own eyes UK police turn cameras on and off to record a tilted narrative of events. I have also been told by other people they have witnessed this too.

This isn't the only abuse of UK police authority and power placing its thumb on the scales I know about.

We're into open secret territory here yet nobody takes action? The courts and official reports are littered with this kind of thing. I suspect the reason it goes nowhereis too many UK state officials are "hacking the system" from the inside. This is how UK cover-ups work.

TroyAugust 15, 2018 8:06 AM

I agree with Chuck.
Body cams should go on at beginning of shift, and stay on till they are securely docked to download and reset the footage.
No/missing footage? No pay for the day.

The only field-accessible control should be a tagging button to mark sections of footage to exclude for privacy (but still retained), or to make beginnings and endings of interactions.

ThothAugust 15, 2018 8:24 AM

@all
They could just yank the power from the bodycam if it has some sort of external power supply or attempt to unscrew or tamper the bodycam by removing batteries or even try to interfere with the chips themselves and nothing is going to stop them.

Bodycams are only guarantees for the authorities that use them because they can tamper with it and even give excuses and force a judge to make certain decisions via back channels and Nation Security clauses and laws.

What needs to be done is to protect consumer smartphone devices from attempted search and destruction of filmed encounters via one-way encryption and to upload events in a reliable fashion or at least to hide a copy of the video in some rubberhose virtual filesystem on the phone so that even if they are coerced to delete a plain copy of the video, a persistent one-way encrypted copy in a random memory location would make it difficult to find logically.

The one-way encryption portion can be done by loading a randomly generated RSA Public Key on the phone for asymmetric encryption of a symmetrically encrypted content.

The likes of splitting encrypted data into multiple chunks and using steganography to hide them into different plain looking files containing encrypted chunks could be useful.

Jeremy PAugust 15, 2018 8:38 AM

Yes, true. But it is more complex of a problem then just requiring that camera be left on. They can easily be disabled or obscured while remaining on, or conveniently lost of stolen when one realizes something went terribly wrong. This isn't to say that police are intentionally abusing them necessarily, but people are people. When we elevate this footage as a permanent infallible record and use it to prove one side, it must be definition be unedited and complete to be fair.

The only real way to have a fair system is to require full usage(no on/off), ensure content cant be materially edited or trimmed, have live streaming or severe penalties if cameras are disabled or go missing(as the lack of video is disproportionally unfair), and devise a system to automatically review and investigate footage(realistically many people in power exploit those under them due to the simple fact that those under wouldn't dare report the abuse or be believed). And there are probably other issues I haven't considered.

Speaking strictly technologically there are many show stoppers out of the gate for us to implement a system that is truly fair and can't just be exploited by those in power. Fidelity, limited PoV, reliability of the record, proof of authenticity, devise level security and tracking, infrastructure to collect and classify all the video, privacy or the recorded video, and unbiassed system to review and analyze the video for intentional or unintentional bias or exploitation. Without all these technical issues addressed I don't see the video footage as a true record and not just a persuasive narrative.

Yes there will still be lots of cases where a vide of a clear crime, assault, or incident will be useful, but as the same time there are all the dangers mentioned both explicit and implied.

PeaceHeadAugust 15, 2018 9:48 AM

Thanks very much for excellent exclusive content. This was by far one of the best blog entries in terms of real-life security significance. It's not always all about mathematics and algorithms. There are many many real life overlaps and this is one big one.

Ah shucks, this sucks! This is such bad news. But thanks for it; we really need to know this stuff.
I am going to try and get some of this info to some police departments, etc. It's bad enough that so much of the rest of society is corrupt. We don't need this aspect of societal life corrupted too.

May Peacefulness Prevail Within All Realms of Existence

To US INTELLIGENCE COMMUNITY scanning us under the eaves:

US military-intelligence-complexes mimicking the geopolitical warcrimes of other nations doesn't actually help Ukraine nor Israel nor Japan, and it certainly doesn't help US citizens. Stick to the facts and stop instigating an attempt a Cold War coup d etat against Russia; CIA's Vault 7 gave the world's hackers the tools to hack the already poorly secured DNC servers and other items. The original interlopers were reading the dossier about Donald Trumps undesirable characteristics long before any press releases or speeches.

Also, your conclusions are NOT unanimous; claims to the contrary are both illogical and impractical and make you look guilty and suspicious. If you want to liberate Ukraine, try more diplomatic channels and stop gagging the North American people on an all-you-can-eat buffet of unscientific propaganda. And hire more computer science experts instead of relying upon the weak speculations of so-called political scientists. Please stop insulting OUR intelligence; if your arrogance gets us into WWIII, you will not be forgiven.

To the whistleblowers and conscientious objectors and common sense dissenters: keep on doing what you're doing; you have worth and your perspectives and experiences are pivotal for the masses. The more you accomplish, the more others eventually can try to protect you. Don't give up hope.

PEACE BE WITH YOU.

cryptostegosurvival

albertAugust 15, 2018 10:32 AM

So a police body cam is just another, probably really expensive, thing on the iOT? Not surprising. Hacking into police networks through the iOT? I'd be surprised if it hadn't happened already.

It seems pointless to play technological whack-a-mole.

. .. . .. --- ....

justinacolmenaAugust 15, 2018 11:10 AM

Washington State Constitution, Artcle I, Sections 24-25, 29.

Offenses heretofore required to be prosecuted by indictment may be prosecuted by information, or by indictment, as shall be prescribed by law. No grand jury shall be drawn or summoned in any county, except the superior judge thereof shall so order. ... The provisions of this Constitution are mandatory, unless by express words they are declared to be otherwise.

"Prosecution by information" is Orwellian newspeak for the omission of the due process of a grand jury indictment for a felony or other serious or "infamous" crime. ("Infamous" = permanent record.)

That parochial Washington State legal term is also a mockery of the defendant's 6th-Amendment right of the accused "to be informed of the nature and cause of the accusation," which is what the legal term "information" properly refers to.

In other words, King County, Washington is not properly "vetting" police body cam pics and other evidence before introducing it court to prosecute felony cases.

dragonfrogAugust 15, 2018 1:33 PM

This is almost beside the point - the cameras already can't be trusted to provide an accurate record of events, because they have a user-accessible on/off button by design.

wumpusAugust 15, 2018 1:42 PM

@dragonfrog

Perhaps the manufacturers/designers of such a product thought there might come a day when a jury would be unwilling to consider the testimony of any police officer that turned his bodycam off during anything he is testifying about or somehow "lost" the evidence after the fact.

I'm not as optimistic. But at least somebody is planning ahead for such a condition.

HmmAugust 15, 2018 4:52 PM

I think the debate on police body cams is stuck a technological decade in the past :
There's no reason it should be restricted to user-configurable on/off gopro type devices.
We actually could have realtime monitoring and 100% recording secure devices, right now.

There is a lack of budget and legal mandate but cameras that are always on and always recording would be a trivial upgrade. Even more importantly (imo) we can send that feed securely in realtime in addition to local recording, never an option on any feasible level before. We could have a monitored realtime hub at the central station for both AI and senior eyeballs. There could even be a civilian oversight liason. All of this is possible right now and if you consider the amount of money police districts pay out in even a single wrongful death or accident or other case, cameras could be a preventative drop in the bucket of that.

It could revolutionize law enforcement as practiced - which is why POA lobbying would certainly beat it to death with campaign ad nightsticks like any other oversight they instinctively oppose.

Still I think the reasons they'd give in opposition could not outweigh the benefits to society.
With power comes responsibility, put it all on the record and let a grand jury see it if required to.
Anything less is a flawed half measure that can be abused as others noted.

HmmAugust 15, 2018 7:10 PM

Presciently..

https://www.defcon.org/html/defcon-26/dc-26-speakers.html#Mitchell

https://boingboing.net/2018/08/12/vievu-patroleyes-firecam-di.html

Mitchell even realized that because he can remotely access device storage on models like the Fire Cam OnCall, an attacker could potentially plant malware on some of the cameras. Then, when the camera connects to a PC for syncing, it could deliver all sorts of malicious code: a Windows exploit that could ultimately allow an attacker to gain remote access to the police network, ransomware to spread across the network and lock everything down, a worm that infiltrates the department's evidence servers and deletes everything, or even cryptojacking software to mine cryptocurrency using police computing resources. Even a body camera with no Wi-Fi connection, like the CeeSc, can be compromised if a hacker gets physical access. "You know not to trust thumb drives, but these things have the same ability," Mitchell says.

"The fact that some law enforcement evidence-collecting devices can be hacked evokes some true nightmare scenarios," says Jay Stanley, senior policy analyst at the American Civil Liberties Union. "If there aren't reliable ways of ensuring that such equipment meets strong security standards, then something is deeply broken. No police equipment should be deployed that doesn't meet such standards."

justinacolmenaAugust 15, 2018 7:46 PM

@@ wumpus, dragonfrog, et al.

can't be trusted ... on/off button ... "lost" the evidence after the fact

The only argument the "prosecution by information" folks in Washington State put forth against obeying the 5th Amendment is, "We've been doing it this way for over 150 years. We can't change now." No.

Beneath the angel strain have rolled two thousand years of wrong ...

The songwriter laments how these men are deaf to the song of love and reconciliation just as the founding fathers lamented that they, too, have been deaf to the voice of justice and of consanguinity. Their spirits are are broken, and only their forms remain to labor under such an unsupportable burden. They utterly refuse the rest that is offered.

DaveAugust 15, 2018 8:19 PM

@Troy: Body cams should go on at beginning of shift, and stay on till they are securely docked to download and reset the footage.

Which means they'd end up recording the cop taking a leak, joking around with co-workers, being lenient on a few guys for minor infractions that don't really justify an arrest or fine, and all the other little things that humans do. The end result would be everyone having to act like Robocop in order to satisfy any possible later examination of the video footage.

I'd rather give the police some discretion...

Lutwidge August 15, 2018 9:06 PM

“If everybody minded their own business,” the Duchess said, in a hoarse growl, “the world would go round a deal faster than it does.” -Lewis Carroll

RichAugust 16, 2018 9:41 AM

@Dave I agree, give the police discretion. In fact why even have body cams? If you are going to doubt the testimony of one police officer (video or it didn't happen) then hire a second. Or, will it simply be said that second police officer would be just as untrustworthy as the first? If that's what is believed then then a body cam will not help.

[The camera should go on at the beginning of the shift and go off at the end]. Would others wear a body every working day, capturing every conversation and interaction they have and preserving that in perpetuity, to be scrutinized at any time in the future for any transgressions they may have committed? Was it turned off or failed to be turned on at the appropriate time, no pay for them. After all, their employer is paying them to work nothing more. Claim to work from home? Video or it didn't happen.

Concerning the integrity or validity of the 'evidence' from a body cam, is that any more or less suspect than a video from a cell phone? Certainly the MSM news outlets have no problem showing shaky, grainy footage from a cell phone with no context other than some carefully constructed narrative delivered in an alarming or emotional manner just prior to the video to 'set the scene' for the viewers. Talk about fake news, this has been around for decades, cell phones are simply the latest source of the videos.

Given the proliferation of cell phones with cameras I think it's very telling that we see few if any videos of the events that necessitated the call to the police. Usually these videos are from security cameras already in place and seldom from the cameras of people in the community.

If people in a community feel 'over policed' here are a few suggestions. If there are drug dealers in their community go out and talk to them: If they're locals, ask them to change their ways; not locals ask them to leave. If there is an assault call the mayor and ask him to come down in person and straighten out the situation; robbed call the selectman / selectwoman and ask them to recover the property; if a rape occurs call a lawyer and the print and on-line media, plaster the victim's face all over the place along with an emotional plea from the lawyer asking the public's help in bringing the perpetrator to justice. By all means do not call the police.

HmmAugust 16, 2018 2:18 PM

@ Dave

"I'd rather give the police some discretion."

You're awfully trusting of authority to self-police. How nice of you! :)


@ Rich

" If you are going to doubt the testimony of one police officer (video or it didn't happen) then hire a second."

You're putting full faith in human civil servants and talking about removing the "verify" part.
That's just objectively naive. You avoided all reporting of police abuses in the last 100 years?

" I think it's very telling that we see few if any videos of the events that necessitated the call to the police. Usually these videos are from security cameras already in place and seldom from the cameras of people in the community. "

Where are you getting this "information"? Are we just making things up now? Gee.

HmmAugust 16, 2018 2:21 PM

@Rich

OK finally your post makes some sense with the /s tag! Jesus.

It's sometimes hard to tell kidding from crazy in this day and age.

HmmAugust 16, 2018 2:53 PM

@Dave

" Which means they'd end up recording the cop taking a leak, joking around with co-workers, being lenient on a few guys for minor infractions that don't really justify an arrest or fine, and all the other little things that humans do. "


So what's the problem with these things being documented, assuming properly secured?
Google can blur faces and license plates, blurring cop junk wouldn't be difficult.

If the officer is accused of favors or actions unbecoming, that "small talk" is important.

A judge would not be inclined to release that without a specific credible accusation,
but make no mistake if that footage exists it is public property. When you pin a badge on someone, some of their rights are limited while they act under color of law. Expectation of officer "privacy" on a police shift is ridiculous on its face.

Record it all, make authorization to review the data require appropriate legal jurisprudence and sanitizing by the court's order, and if someone requires the unsanitized version they have to convince a judge of the specific legal rationale that requires it. It wouldn't be entirely dissimilar to the system we have now. Police routinely censor public video releases for their own interests.

The FOIA system is not well equipped to handle the volume or granularity of the requests or weigh the interests of parties, and if you've ever made any FOIA requests you know they can take forever and are routinely denied for unspecified reasons. This system can't scale to meet the need/opportunity. We need to reinvest in our institutions with clear mandates towards the mission goals : Protect and serve the public trust, enforce the law. "Protecting officers from oversight on the basis of their expectation of privacy" should sound as ridiculous to you as it does to me, I think.

justinacolmenaAugust 17, 2018 1:05 PM

Body cam pics?

In the old days, the whole idea of wearing a "body cam" would be considered too risquée. Like wearing a "wire" to a drug deal, you really wouldn't want to be caught dead with spy tradecraft paraphernalia like that, and there would be water-cooler gossip of pornography and "spoliation of evidence."

vas pupAugust 18, 2018 11:16 AM

@all: don't through baby with the water.
Cameras are better in comparison with no cameras for both sides LEOs and suspect. Usage should utilized security and policy of cameras usage and penalty for misuse.
There is no perfect solution, but that is real path for kind of OBJECTIVE recording of interaction. As I have stated on this subject before and stick to my guns, same cameras should be mandatory for prison/jail/detention facility/etc. guards, mental health facility, armed security guards personal in ALL cases when any type of restraining and/or confrontation take place. I am strongly for cameras in a court and interrogation room, but not for court TV (like Simpson), but rather for appellate court, all court officers behavior analysis in case of complains, jury usage, Law student training.
That will improve quality of legal system for cops to judges. Any REASONABLE objections are appreciated, emotional - are not.

TatütataAugust 18, 2018 3:20 PM

This problem is correctable, but might give yet another "excuse" to officers for "explaining" missing or tampered footage.

Sometimes technology unexpectedly works better than expected, like last year in Baltimore where the city's finest were caught planting drugs in a yard, walk out, return, and feigning surprise when the incontrovertible "evidence" was found. One of the cops had fumbled the controls, and had recorded the entire proceedings. The "discovery" scene beggars belief, the cop zeroes in on the soda can amidst the junk like if he was a K-9.

It also seems that everyone and their brother is wearing some sort of bodycam in the White House these days. That's a nice example to set...

RogerBWSeptember 4, 2018 7:37 AM

The existence of attacks like this - or even the rumour of their existence - is enough to render bodycam footage inadmissible even without any actual tampering by the police. "Oh, I know it shows that, but it must have been hacked and fake video put in on top of the real thing."

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.