Researcher Buys Axon Cameras On eBay, Finds They're Still Filled With Recordings

from the not-even-using-'password'-for-the-password dept

Data isn't secure just because nothing happened to it when it was still in your possession. It can still "leak" long after the storage device has gone onto its second life in someone else's hands.

The Fort Huachuca Military Police were just apprised of this truism by Twitter user KF, who had purchased some used Axon body cameras on eBay. The cameras still contained their microSD storage cards. And contained on those storage cards were a bunch of recordings (including audio) that hadn't been wiped by the MPs before the cameras ended up on eBay.

The whole thread is worth a read (here's an unrolled version if you prefer to go somewhere other than Twitter). No one seems to know how the cameras ended up on eBay, but it's pretty amazing they ended up in the secondary market with their recordings still intact.

What's more amazing (but somehow simultaneously less surprising) is that the recordings weren't encrypted or protected by a password. Axon responded to the Arizona Mirror's reporting of this secondary-market breach by saying it was "looking into the matter." It also said it would be putting more effort into telling its law enforcement customers what they should already know.

“We are… reevaluating our processes to better emphasize proper disposal procedures for our customers.”

What's more reassuring is that this data disposal carelessness is no longer as much of an issue for Axon customers. The cameras in KF's hands are first-generation models produced in 2015. Axon's latest version encrypts recordings and, presumably, forces officers to select passwords to ensure this encryption isn't rendered useless by a lack of login protection.

eBay also responded to questions from the Mirror, stating that it forbids the sale of surveillance devices like the ones KF was able to purchase. It also said sellers are responsible for making sure internal storage is wiped before making devices eBay says it does not allow to be sold on the site are made available for sale on the site.

Security matters. But situations that demand the utmost in care are too often handled in ways that an octogenarian using their first computer ever would find amateurish. KF's site contains this amusing/scary security test of police in-car camera systems -- cameras the researchers were able to view live after discovering zero authentication was needed to access this stream. And the system itself was only "protected" by the default login/password, which the researchers found in a PDF copy of the device's manual after a little bit of Googling.

For all the talk from law enforcement officials about the need to redact and/or withhold recordings out of concern for people's privacy, they don't seem to be very concerned that these recordings are ending up in the hands of the public. Nor does there seem to be much concern that recordings might be improperly accessed by other personnel with access to the devices while the cameras were still being used by the Fort Huachuca police. The lack of password protection is just as alarming as the apparent lack of proper disposal procedures. This is consumer-grade carelessness exercised by a taxpayer-funded entity with a whole lot of power and the obligation to be better public servants.

Filed Under: body cameras, disposal, encryption, evidence, fort huachuca, recordings
Companies: axon, ebay


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    charliebrown (profile), 6 Jul 2020 @ 11:00am

    Old Film

    You never know what ends up where
    https://forums.stevehoffman.tv/threads/unseen-1930s-nitrate-film-discovered.974351/

    It is disgusting that this is the best way to get your hands on body cam footage. It also shows that they do not understand privacy nor how to protect retained data. Surprise equals zero, though.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Jul 2020 @ 11:41am

    Axon's latest version encrypts recordings and, presumably, forces officers to select passwords to ensure this encryption isn't rendered useless by a lack of login protection.

    Passwords would be the wrong way to handle this. We certainly shouldn't be relying on each officer to select a good password. It should be the department enrolling the cameras in some public-key infrastructure. I see no reason why the cameras or individual officers should be able to read the stored data at all.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 6 Jul 2020 @ 12:16pm

      Re:

      I see no reason why the cameras or individual officers should be able to read the stored data at all.

      Presumably, they already know what's on it. From a security perspective, it's pointless and a waste of effort to hide known data from them.

      As for protecting the recordings from them, you're running head first into the DRM problem. These things are, presumably, on their person constantly. In some cases the devices are allowed to be taken home after work. (See also any cop who takes home the squad car.) It's only a matter of time before some smart cow figures out how to open the greatest and most secure gate latch without alerting the farmer. (Yes, the cops have these people too. Just like the gamers in the video game industry have their hackers.) Simply put, you can't protect it indefinitely from an authorized carrier while it's in their sole possession.

      The best protection in this case is multiple location off-site storage of the complete feeds, and a complete rejection of all evidence by the courts if the camera footage can only be found on the camera itself. With harsh penalties for any discrepancies found between copies of the camera feeds. That way it places a verification requirement on them, ensuring that there is at least two good copies of the original feeds to corroborate with, and provides a strong incentive not to alter it. (No multiple identical feeds? No case.)

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 6 Jul 2020 @ 7:08pm

        Re: Re:

        Presumably, they already know what's on it. From a security perspective, it's pointless and a waste of effort to hide known data from them.

        As for protecting the recordings from them

        The point would not be to protect the data from the cops, but to avoid compromising the security by designing a local access method. If they want access to the footage, they can go through the official police system which will have an audit trail.

        It's easy to design camera software that randomly generates a key every few minutes, encrypts that key to a public key, and throws it away afterward. It would take extra effort to give the camera operator a way to review old footage—eg. you'd have to give them a password, which means you'd have to enforce password security, wipe the passwords when selling the devices, make sure there are protections to stop criminals from grabbing cameras while unlocked or forcing cops to unlock them, etc.

        reply to this | link to this | view in chronology ]

  • identicon
    David, 6 Jul 2020 @ 12:05pm

    Probably mischaracterised

    If I rmember correctly from reading the report first, card content was deleted but cards were not wiped. Namely any software used for recovering accidentally deleted files from a media card would be able to recover stuff as long as it has not been overwritten.

    That's sort of a side point. The principal problem is not that the person reselling the device did not follow best practices. The principal problem is that the only entity able to resell devices possibly used in sensitive circumstances should be a trained unit. Either that, or security sensitive devices must be designed in a manner where the data on them, even if not tampered with in any manner, is completely unusable to any outside party.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 6 Jul 2020 @ 12:31pm

      Re: Probably mischaracterised

      Either that, or security sensitive devices must be designed in a manner where the data on them, even if not tampered with in any manner, is completely unusable to any outside party.

      Let us know when you solve the halting problem then. (Given a set of inputs if / when will this data be breached?)

      The best practice here would be to make wiping the data correctly part of the default process. I.e. Pressing "Delete" from the file manager shouldn't just unlink a file as per normal systems. "Deleting" should overwrite first, then unlink the file, then overwrite the filesystem metadata, all in one go. Deleting should also prohibit reuse of the media until that process is completed successfully, or the media gets completely re-initialized.

      Doing that won't prevent all breaches, of course, but it would cut down on the number of failure points. Especially those that can be stumbled on by a clueless, or careless, layman.

      reply to this | link to this | view in chronology ]

      • identicon
        David, 6 Jul 2020 @ 3:08pm

        Re: Re: Probably mischaracterised

        > Either that, or security sensitive devices must be designed in a manner where the data on them, even if not tampered with in any manner, is completely unusable to any outside party.

        Let us know when you solve the halting problem then. (Given a set of inputs if / when will this data be breached?)

        Last time I looked, public key cryptography exists.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 6 Jul 2020 @ 7:19pm

        Re: Re: Probably mischaracterised

        Pressing "Delete" from the file manager shouldn't just unlink a file as per normal systems. "Deleting" should overwrite first, then unlink the file, then overwrite the filesystem metadata, all in one go.

        That's not good enough when flash translation layers are involved. There's literally no standard way to access a particular physical block of a flash device. If you fill block 123 with zeros, the original content may remain on the device. (With no standard way to access it, of course; but attackers can abuse non-standard quirks in ways that would be unrealistic for manufacturers.)

        If you're lucky, the flash device has some kind of "wipe" command. If you're really lucky, it's actually secure. But we can't rely on having so much luck that nobody ever loses these things without a chance to wipe them first. As David says, encryption is the real answer.

        reply to this | link to this | view in chronology ]

  • icon
    timlash (profile), 6 Jul 2020 @ 12:29pm

    CFAA Charges Incoming?

    This is the kind of occurrence I would have kept to myself, not blasted it out on Twitter.

    reply to this | link to this | view in chronology ]

  • icon
    Upstream (profile), 6 Jul 2020 @ 1:26pm

    By now we should all know that . . .

    law enforcement officials . . . concern for people's privacy

    . . . is an extra large boatload of it. That should be as clear to everyone as the old "few bad apples" lie.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Jul 2020 @ 1:59pm

    Possibly this is a false flag release?

    They "accidentally" sell cameras online with nothing incriminating, making sure the ones where they murder black people for being black are destroyed.

    Then they can say "see? we are nice".

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 6 Jul 2020 @ 5:24pm

      Re:

      Interesting thought, but silly. The number of black people killed by cops is dwarfed by the number of hours of recordings taken. The odds favor the recording having noting incriminating. ... at least as far as killing, goes, anyway.

      reply to this | link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 6 Jul 2020 @ 5:04pm

    One does wonder if there are some lawyers who would love to see if the raw video matches what they were provided during trials/hearings as the actual evidence.

    reply to this | link to this | view in chronology ]

  • icon
    Norahc (profile), 6 Jul 2020 @ 5:20pm

    I'm still wondering how Dept of Defense property ended up on eBay without going through the Defense Logistics Agency. And if it did go through there, how the hell did they skip the procedures for data protection?

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Essential Reading
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.