Footage From Police Body Cameras Can Be Altered by Hackers, Researcher Says

police officer
A police officer wears a body camera during an anti-Donald Trump protest near the Republican National Convention site in Cleveland, on July 18, 2016. A cybersecurity expert has warned that hackers could sneak malware into body cameras and wreak havoc on police computer networks. JIM WATSON/AFP/Getty Images

Recordings from body-camera technology worn by U.S. law enforcement officers can be manipulated and altered by hackers, a cybersecurity researcher has warned.

Josh Mitchell, cybersecurity consultant at technology company Nuix, told attendees at the DEF CON conference on August 11 that several popular models of body cameras could be tampered with remotely. In his talk, called "Ridealong Adventures—Critical Issues With Police Body Cameras," he said they could be exploited to sneak malware into police computer networks.

According to Wired, which first reported the study, Mitchell tested devices from five companies: Vievu, Patrol Eyes, Fire Cam, Digital Ally and CeeSc. With the exception of the Digital Ally model, every device contained common vulnerabilities that left recordings open to malicious attacks. The researcher said a criminal hacker could delete footage from the device, Wired reported.

"We can track [the body camera], we can manipulate the data on it, upload and download videos, wipe videos," Mitchell said in a Wired video interview and hacking demonstration published to YouTube. "These cameras were designed for transparency, not safety or security," he warned.

In a worst-case scenario, the cybersecurity expert said the body-worn camera devices—which are now commonplace across the U.S.—could be compromised to launch file-locking ransomware on a target's machine or even introduce a worm that scrubs the department's computer records clean.

Each of the affected tech companies has been working with Mitchell to fix the security issues.

"[Body-cam] manufacturers are attempting to package more and more technology into these devices," a description of the talk published on the DEF CON website stated.

"This has caused a deficiency in local municipalities' skills and budget to accurately assess the attack surface and exposure to the organization. Furthermore, departmental policies and procedures governing the secure deployment of these devices is largely insufficient."

In an opinion piece from February 2015, Paul Rosenzweig, former deputy assistant secretary for policy at the Department of Homeland Security, warned about body-cam cybersecurity threats.

"While civil rights and police groups agree that video can protect citizens and officers, the security within these systems needs to be addressed," he wrote at the time.

"Information collected on video will be incredibly sensitive, and the impact of a hacker accessing this data could be extraordinary. Imagine a hacker who edits the data to change the identity of an assailant or leaks the footage of a victim immediately following a violent crime."

In late 2015, a cybersecurity company called iPower found evidence that body cameras used by U.S. police departments were being shipped with a strain of malware known as Conficker.

Civil rights experts raised concerns that body-worn cameras were a privacy risk.

"If combined with facial recognition or other technologies, thousands of police officers wearing body-worn cameras could record the words, deeds, and locations of much of the population at a given time, raising serious First and Fourth Amendment concerns," the EFF warned online.