“The videos can be as powerful as something like DNA evidence, but if they’re not properly protected there’s the potential that the footage could be modified or replaced,” Mitchell told Wired. “I can connect to the cameras, log in, view media, modify media, make changes to the file structures. Those are big issues.”
“These are full-feature computers walking around on your chest, and they have all of the issues that go along with that,” Mitchell said. One issue that kept reoccurring in his research: a too-easy-to-guess default wifi password, a problem reaching near-ubiquity with IoT devices
Mitchell demonstrated vulnerabilities in cameras made by Vievu, Patrol Eyes, Fire Cam, Digital Ally, and CeeSc. Cameras from Axon, the largest manufacturer in the US, weren’t examined for vulnerabilities, but Vievu was recently acquired by Axon.
They don’t use cryptographic mechanisms to confirm firmware updates or uploaded videos are legitimate. Mitchell found that the cameras don’t protect uploaded footage with digital signatures to ensure it hasn’t been manipulated. Without this verification, attackers could therefore download, edit, then re-upload footage to cloud storage without a trace. Mitchell also says that the cameras run firmware without verification, meaning a hacker could expose the cameras to malicious code by disguising it as a normal software update.
https://gizmodo.com/hackers-can-turn-body-cameras-into-malware-spewing-mach-1828306760
No comments:
Post a Comment