Ridealong Adventures—Critical Issues with Police Body Cameras

Conference:  Defcon 26



The speaker discusses the lack of security measures in police body cameras and the potential risks associated with it.
  • Digital signatures are not applied to the multimedia coming off of the device before it touches anything else, which means that anyone can corrupt any kind of evidentiary and information on that device.
  • The lack of encryption and digital signatures can put people in jail based on invalid evidence.
  • The speaker developed a tool to identify police body cameras in the field based on their MAC addresses and wireless access points.
  • The cameras have several services available on them, including FTP, PTP, and RTSP, which can be used to download any file off the device, assign metadata, and live stream video.
  • The lack of security measures in police body cameras is a major industry-wide issue.
The speaker shares a story about a man who had cameras in the hallways and was targeting police officers. If someone had access to police body cameras, they could do the same thing more effectively.


The police body camera market has been growing in popularity over the last few years. A recent (2016) Johns Hopkins University market survey found 60 different models have been produced specifically for law enforcement use. Rapid adoption is fueling this meteoric increase in availability and utilization. Additionally, device manufactures are attempting to package more and more technology into these devices. This has caused a deficiency in local municipalities' skills and budget to accurately assess the attack surface and exposure to the organization. Furthermore, departmental policies and procedures governing the secure deployment of these devices is largely insufficient. At DEF CON, we will be introducing tactics, techniques, and procedures to assess the security of these devices. We will cover attacks against the physical devices, RF components, smartphone app's, and desktop software. The capabilities demonstrated and discussed will encompass publicly and privately available technologies. Additionally, the talk will cover multiple products and vendors, shedding light on industry wide issues and trends. Finally, we will be releasing software to detect and track various devices and tie these issues into real world events.