logo
allArticlesConferencesPresentations

Ridealong Adventures—Critical Issues with Police Body Cameras

Conference:  Defcon 26

2018-08-01

Summary

The speaker discusses the lack of security measures in police body cameras and the potential risks associated with it.
  • Digital signatures are not applied to the multimedia coming off of the device before it touches anything else, which means that anyone can corrupt any kind of evidentiary and information on that device.
  • The lack of encryption and digital signatures can put people in jail based on invalid evidence.
  • The speaker developed a tool to identify police body cameras in the field based on their MAC addresses and wireless access points.
  • The cameras have several services available on them, including FTP, PTP, and RTSP, which can be used to download any file off the device, assign metadata, and live stream video.
  • The lack of security measures in police body cameras is a major industry-wide issue.
The speaker shares a story about a man who had cameras in the hallways and was targeting police officers. If someone had access to police body cameras, they could do the same thing more effectively.

Abstract

The police body camera market has been growing in popularity over the last few years. A recent (2016) Johns Hopkins University market survey found 60 different models have been produced specifically for law enforcement use. Rapid adoption is fueling this meteoric increase in availability and utilization. Additionally, device manufactures are attempting to package more and more technology into these devices. This has caused a deficiency in local municipalities' skills and budget to accurately assess the attack surface and exposure to the organization. Furthermore, departmental policies and procedures governing the secure deployment of these devices is largely insufficient. At DEF CON, we will be introducing tactics, techniques, and procedures to assess the security of these devices. We will cover attacks against the physical devices, RF components, smartphone app's, and desktop software. The capabilities demonstrated and discussed will encompass publicly and privately available technologies. Additionally, the talk will cover multiple products and vendors, shedding light on industry wide issues and trends. Finally, we will be releasing software to detect and track various devices and tie these issues into real world events.
Materials:
Tags:

Post a comment

Related work

Designing and Applying Extensible RF Fuzzing Tools to Expose PHY Layer Vulnerabilities

Conference:  Defcon 26
Authors:
2018-08-01

Over the Air Baseband Exploit: Gaining Remote Code Execution on 5G Smartphones

Conference:  BlackHat USA 2021
Authors:
2021-08-05

BlueMaster: Bypassing and Fixing Bluetooth-based Proximity Authentication

Conference:  BlackHat EU 2019
Authors:
2019-12-05

Too Much to Choose – Making Sense of a Smorgasbord of Security Standards

Conference:  KubeCon + CloudNativeCon Europe 2022
Authors: Anais Urlichs, Rory McCune
2022-05-20

Robots with lasers and cameras (but no security): Liberating your vacuum from the cloud

Conference:  Defcon 29
Authors:
2021-08-01

Apple's Predicament: NSPredicate Exploitation on macOS and iOS

Conference:  Defcon 31
Authors: Austin Emmitt Senior Security Researcher at Trellix Advanced Research Center
2023-08-01