• Categories

  • Archives

    « Home

    Forbes: Whoops, Anyone Could Watch California City’s Police Surveillance Cameras

    Forbes reports that Thomas “T.K.” Kinsey and Dustin Hoffman of Exigent Systems, an IT company, were able to hack into the surveillance system of law enforcement in Redlands, Calif.:

    Redlands has over 140 surveillance cameras around the 70,000-person town that have helped the police spot and stop drunk drivers, brawlers, vandals, and people illegally smoking in parks, according to a case study on the site of Leverage Information Systems, the company that provided the camera system. […]

    The cameras were deployed as a mesh network, with camera nodes popping up as “available wireless networks” dubbed with names that were far from stealth, such as “RPD – West End.” The cameras used a proprietary mesh protocol to communicate but were not password-protected. Hoffman and Kinsey said that the protocol was fairly easily reverse-engineered and that tapping into the network was then easy, requiring no specialized hardware, and allowing anyone to have a police-eye’s view of the town. “All you need is a little Linux knowledge and some $20 Wi-Fi hardware,” says Hoffman. He and Kinsey mapped what the cameras watched, including the entrance to an adult video store.

    “It would have been trivial to have made all the feeds public and stream them online for anyone to watch,” Hoffman continued. […]

    The Redlands police department got wind of the presentation however. Seventy-two hours before Hoffman and Kinsey discussed the flaw at security conference Defcon on Friday, the city’s cameras suddenly became a little more private. The city enabled WEP encryption, according to the researchers, so that the camera network now requires a password to sign on. […]

    However, the encryption on the cameras is not particularly secure. “WEP has been broken for a decade,” said Kinsey. “It’s a legal barrier only at this point.”

    Leave a Reply