Researcher Buys Axon Cameras On eBay, Finds They're Still Filled With Recordings
from the not-even-using-'password'-for-the-password dept
Data isn't secure just because nothing happened to it when it was still in your possession. It can still "leak" long after the storage device has gone onto its second life in someone else's hands.
The Fort Huachuca Military Police were just apprised of this truism by Twitter user KF, who had purchased some used Axon body cameras on eBay. The cameras still contained their microSD storage cards. And contained on those storage cards were a bunch of recordings (including audio) that hadn't been wiped by the MPs before the cameras ended up on eBay.
Annnnnd this is me shitting my pants as I listen to extracted evidence video from this @axon_us camera sold on eBay… (in bulk lots!) Time to buy em up before they disappear! Collect you some evidence! pic.twitter.com/thZTrBCkui
— KF (@d0tslash) July 1, 2020
The whole thread is worth a read (here's an unrolled version if you prefer to go somewhere other than Twitter). No one seems to know how the cameras ended up on eBay, but it's pretty amazing they ended up in the secondary market with their recordings still intact.
What's more amazing (but somehow simultaneously less surprising) is that the recordings weren't encrypted or protected by a password. Axon responded to the Arizona Mirror's reporting of this secondary-market breach by saying it was "looking into the matter." It also said it would be putting more effort into telling its law enforcement customers what they should already know.
“We are… reevaluating our processes to better emphasize proper disposal procedures for our customers.”
What's more reassuring is that this data disposal carelessness is no longer as much of an issue for Axon customers. The cameras in KF's hands are first-generation models produced in 2015. Axon's latest version encrypts recordings and, presumably, forces officers to select passwords to ensure this encryption isn't rendered useless by a lack of login protection.
eBay also responded to questions from the Mirror, stating that it forbids the sale of surveillance devices like the ones KF was able to purchase. It also said sellers are responsible for making sure internal storage is wiped before devices eBay says it does not allow to be sold on the site are made available for sale on the site.
Security matters. But situations that demand the utmost in care are too often handled in ways that an octogenarian using their first computer ever would find amateurish. KF's site contains this amusing/scary security test of police in-car camera systems -- cameras the researchers were able to view live after discovering zero authentication was needed to access this stream. And the system itself was only "protected" by the default login/password, which the researchers found in a PDF copy of the device's manual after a little bit of Googling.
For all the talk from law enforcement officials about the need to redact and/or withhold recordings out of concern for people's privacy, they don't seem to be very concerned that these recordings are ending up in the hands of the public. Nor does there seem to be much concern that recordings might be improperly accessed by other personnel with access to the devices while the cameras were still being used by the Fort Huachuca police. The lack of password protection is just as alarming as the apparent lack of proper disposal procedures. This is consumer-grade carelessness exercised by a taxpayer-funded entity with a whole lot of power and the obligation to be better public servants.
Filed Under: body cameras, disposal, encryption, evidence, fort huachuca, recordings
Companies: axon, ebay
Reader Comments
Old Film
You never know what ends up where
https://forums.stevehoffman.tv/threads/unseen-1930s-nitrate-film-discovered.974351/
It is disgusting that this is the best way to get your hands on body cam footage. It also shows that they do not understand privacy nor how to protect retained data. Surprise equals zero, though.
[ link to this | view in chronology ]
Passwords would be the wrong way to handle this. We certainly shouldn't be relying on each officer to select a good password. It should be the department enrolling the cameras in some public-key infrastructure. I see no reason why the cameras or individual officers should be able to read the stored data at all.
[ link to this | view in chronology ]
Re:
Presumably, they already know what's on it. From a security perspective, it's pointless and a waste of effort to hide known data from them.
As for protecting the recordings from them, you're running head first into the DRM problem. These things are, presumably, on their person constantly. In some cases the devices are allowed to be taken home after work. (See also any cop who takes home the squad car.) It's only a matter of time before some smart cow figures out how to open the greatest and most secure gate latch without alerting the farmer. (Yes, the cops have these people too. Just like the gamers in the video game industry have their hackers.) Simply put, you can't protect it indefinitely from an authorized carrier while it's in their sole possession.
The best protection in this case is multiple location off-site storage of the complete feeds, and a complete rejection of all evidence by the courts if the camera footage can only be found on the camera itself. With harsh penalties for any discrepancies found between copies of the camera feeds. That way it places a verification requirement on them, ensuring that there are at least two good copies of the original feeds to corroborate with, and provides a strong incentive not to alter it. (No multiple identical feeds? No case.)
[ link to this | view in chronology ]
Re: Re:
The point would not be to protect the data from the cops, but to avoid compromising the security by designing a local access method. If they want access to the footage, they can go through the official police system which will have an audit trail.
It's easy to design camera software that randomly generates a key every few minutes, encrypts that key to a public key, and throws it away afterward. It would take extra effort to give the camera operator a way to review old footage, e.g. you'd have to give them a password, which means you'd have to enforce password security, wipe the passwords when selling the devices, make sure there are protections to stop criminals from grabbing cameras while unlocked or forcing cops to unlock them, etc.
[ link to this | view in chronology ]
Probably mischaracterised
If I remember correctly from reading the report first, card content was deleted but cards were not wiped. Namely any software used for recovering accidentally deleted files from a media card would be able to recover stuff as long as it has not been overwritten.
That's sort of a side point. The principal problem is not that the person reselling the device did not follow best practices. The principal problem is that the only entity able to resell devices possibly used in sensitive circumstances should be a trained unit. Either that, or security sensitive devices must be designed in a manner where the data on them, even if not tampered with in any manner, is completely unusable to any outside party.
[ link to this | view in chronology ]
Re: Probably mischaracterised
Let us know when you solve the halting problem then. (Given a set of inputs if / when will this data be breached?)
The best practice here would be to make wiping the data correctly part of the default process. I.e. Pressing "Delete" from the file manager shouldn't just unlink a file as per normal systems. "Deleting" should overwrite first, then unlink the file, then overwrite the filesystem metadata, all in one go. Deleting should also prohibit reuse of the media until that process is completed successfully, or the media gets completely re-initialized.
Doing that won't prevent all breaches, of course, but it would cut down on the number of failure points. Especially those that can be stumbled on by a clueless, or careless, layman.
[ link to this | view in chronology ]
Re: Re: Probably mischaracterised
Last time I looked, public key cryptography exists.
[ link to this | view in chronology ]
Re: Re: Probably mischaracterised
That's not good enough when flash translation layers are involved. There's literally no standard way to access a particular physical block of a flash device. If you fill block 123 with zeros, the original content may remain on the device. (With no standard way to access it, of course; but attackers can abuse non-standard quirks in ways that would be unrealistic for manufacturers.)
If you're lucky, the flash device has some kind of "wipe" command. If you're really lucky, it's actually secure. But we can't rely on having so much luck that nobody ever loses these things without a chance to wipe them first. As David says, encryption is the real answer.
[ link to this | view in chronology ]
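The design this thread converges on, sketched as an added example (not code from the article, the commenters or Axon): each few-minute segment gets a fresh random key that is encrypted to a department public key and then discarded, so a resold or badly wiped card holds nothing readable. RSA-OAEP, AES-256-GCM, the function names and the throwaway key pair are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumed primitives: RSA-OAEP(SHA-256) to wrap keys, AES-256-GCM for footage.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Camera side: holds only the department's PUBLIC key. Every segment (a few
// minutes of footage) gets a fresh AES key that is wrapped and then wiped,
// so nothing stored on the card can decrypt the recording.
function sealSegment(departmentPublicKey, footage) {
  const segmentKey = crypto.randomBytes(32);
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', segmentKey, nonce);
  const ciphertext = Buffer.concat([cipher.update(footage), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: departmentPublicKey, ...OAEP }, segmentKey);
  segmentKey.fill(0); // throw the key away; only the wrapped copy survives
  return { wrappedKey, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Evidence-server side: the only place the private key exists, and the place
// where access can be logged. GCM also rejects footage altered on the card.
function openSegment(departmentPrivateKey, seg) {
  const segmentKey = crypto.privateDecrypt({ key: departmentPrivateKey, ...OAEP }, seg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', segmentKey, seg.nonce);
  decipher.setAuthTag(seg.tag);
  return Buffer.concat([decipher.update(seg.ciphertext), decipher.final()]);
}

// Constructed demo: a throwaway key pair stands in for the department's PKI,
// and a second unrelated key pair stands in for whoever buys the used camera.
function demo() {
  const dept = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const buyer = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const footage = Buffer.from('constructed sample footage, segment 1');
  const card = [sealSegment(dept.publicKey, footage), sealSegment(dept.publicKey, footage)];
  let buyerCanRead = true;
  try { openSegment(buyer.privateKey, card[0]); } catch { buyerCanRead = false; }
  return {
    recovered: openSegment(dept.privateKey, card[0]).toString(),
    ciphertextsDiffer: !card[0].ciphertext.equals(card[1].ciphertext),
    plaintextOnCard: card[0].ciphertext.includes('footage'),
    buyerCanRead,
  };
}

console.log(demo());
```

Because the camera never holds a decryption key, there is no officer password to choose, enforce or wipe before resale, and leftover flash blocks contain only ciphertext.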
CFAA Charges Incoming?
This is the kind of occurrence I would have kept to myself, not blasted it out on Twitter.
[ link to this | view in chronology ]
By now we should all know that . . .
. . . is an extra large boatload of it. That should be as clear to everyone as the old "few bad apples" lie.
[ link to this | view in chronology ]
Possibly this is a false flag release?
They "accidentally" sell cameras online with nothing incriminating, making sure the ones where they murder black people for being black are destroyed.
Then they can say "see? we are nice".
[ link to this | view in chronology ]
Re:
Interesting thought, but silly. The number of black people killed by cops is dwarfed by the number of hours of recordings taken. The odds favor the recording having nothing incriminating. ... at least as far as killing goes, anyway.
[ link to this | view in chronology ]
One does wonder if there are some lawyers who would love to see if the raw video matches what they were provided during trials/hearings as the actual evidence.
[ link to this | view in chronology ]
I'm still wondering how Dept of Defense property ended up on eBay without going through the Defense Logistics Agency. And if it did go through there, how the hell did they skip the procedures for data protection?
[ link to this | view in chronology ]