
Police Wireless Surveillance Networks Easy to Hack

Source: Tom's Guide US

LAS VEGAS — Municipal wireless networks used by American police forces to link surveillance cameras and public loudspeakers may be easily hacked into, two researchers said at the DEF CON 22 security conference here yesterday (Aug. 8).

Dustin Hoffman and Thomas Kinsey of tech-support firm Exigent Systems related how the police wireless mesh network in a small California city had no security and could be accessed by anyone, raising the possibility that pranksters or criminals could use the system to their advantage, even by injecting bogus video feeds.

"We could do all sorts of tomfoolery — hey, let's have Godzilla walk down the street," Hoffman said. "Or, we could do the opposite and send police resources elsewhere."

The network had been set up by a contracting company that set up similar networks in more than a dozen cities in California and Washington state, including Santa Monica and Seattle.

Casting a wide net

Mesh networks use Wi-Fi, but each device connects directly to other devices rather than to a single central node. Signals hop from one device to another, and resources such as Internet access are shared, so a network can range over several square miles instead of just a few hundred feet. (You can set up a home mesh network using the "Ad Hoc" or "Wi-Fi Direct" option on smartphones and laptops.)

Cities and towns across the United States have been installing such systems with post-9/11 Homeland Security grants, using them to offset dwindling personnel budgets by extending police presence to areas where officers can't always be present, such as parks, business districts and other areas with high pedestrian and vehicle traffic.

To those cities, the mesh-network cameras and speakers are a "force multiplier" that allows a single officer at headquarters to monitor several areas at once, much as a security guard monitors a large building.

Kinsey related how he was goofing off with friends in the city in question one night several years ago and climbed on top of a public fountain for laughs.

"I suddenly hear a voice saying, 'This is the police. Please get off the fountain,'" Kinsey said, adding that the voice sounded like "he'd said it a thousand times before."

Gaps in the mesh

Intrigued by the cameras and speakers — and the open Wi-Fi networks that bore names such as "Police Department" — that had begun to appear around the city, Kinsey and Hoffman decided to investigate. To their delight, they found diagrams mapping the mesh network and its functions, including cameras and antennae, on the municipal website.

To their dismay, they found that the network had almost no security. Wi-Fi signals were completely unencrypted ("until three days ago," Hoffman and Kinsey noted) and names of equipment makers were printed on network boxes, saving time for potential attackers looking for known vulnerabilities.

The network infrastructure named each node with one of 256 possible numbers, yet was designed to be flexible and dynamic, creating an opportunity for anyone to insert a malicious node posing as a regular one.

Because the nodes' Wi-Fi antennae were directional, pointed straight at one another rather than broadcasting signals in all directions, city officials may have thought that afforded some layer of protection. But even directional antennae bleed in other directions, the researchers noted.

"Wireless always gets into places you didn't plan on," Hoffman said.

Poking holes in the fabric

Even with the newly implemented wireless encryption, which uses the weak WEP protocol, there are many ways an attacker could compromise the city's network, the researchers explained.

In addition to inserting bogus video feeds, which might include an "Ocean's 11"-style "all is well" loop to disguise criminal activity, a malicious actor could render the system unusable by flooding the network with bogus traffic or jamming the wireless transmitters in part or all of the network.

If the city's computer networks are like those of many other small and medium-sized organizations, it might not properly isolate one network from another. It could be that an attacker might find a way from the wireless mesh network into the 911 dispatch system, the municipal finance system or even the city jail.

The city managers need to mitigate the vulnerabilities by implementing more secure practices, Hoffman and Kinsey noted. They admitted that last week's move to WEP encryption was a good, if half-hearted, first step, even if it ruined their chances of demonstrating how easy it was for civilians to access the police mesh network.

"It's not that it's not possible," Hoffman said. "It's just that now it's illegal."

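For a network operator, the weaknesses the researchers list (no or WEP encryption, network names that advertise their purpose, and node numbers anyone can claim) can be checked by comparing a wireless survey against the list of nodes that are supposed to exist. The following is an added example, not code from the researchers or the article; the inventory format, field names, MAC addresses and finding labels are all constructed for illustration.

```python
# Added example: audit a mesh survey for the weaknesses the article describes.
# Every record, address and label below is constructed sample data.
from collections import defaultdict

WEAK_ENCRYPTION = {"open", "wep"}  # unencrypted, or the weak WEP protocol

# Hypothetical authorised inventory: node number (0-255) -> radio MAC address.
AUTHORISED = {12: "00:11:22:aa:bb:01", 13: "00:11:22:aa:bb:02",
              14: "00:11:22:aa:bb:03"}

# Constructed survey of what is actually on the air.
SURVEY = [
    {"node": 12, "bssid": "00:11:22:AA:BB:01", "ssid": "Police Department", "enc": "WEP"},
    {"node": 13, "bssid": "00:11:22:aa:bb:02", "ssid": "muni-mesh", "enc": "wpa2"},
    {"node": 13, "bssid": "de:ad:be:ef:00:99", "ssid": "muni-mesh", "enc": "wpa2"},
    {"node": 200, "bssid": "00:11:22:aa:bb:77", "ssid": "muni-mesh", "enc": "open"},
]

def audit(survey, authorised):
    """Return (node, bssid, finding) tuples for every problem in the survey."""
    findings = []
    seen = defaultdict(set)  # node number -> radios claiming it
    for rec in survey:
        node, bssid = rec["node"], rec["bssid"].lower()
        seen[node].add(bssid)
        if rec["enc"].lower() in WEAK_ENCRYPTION:
            findings.append((node, bssid, "weak-encryption"))
        if "police" in rec["ssid"].lower():
            findings.append((node, bssid, "revealing-ssid"))
        if node not in authorised:
            findings.append((node, bssid, "unknown-node"))
        elif authorised[node] != bssid:
            # A radio is using a legitimate node number it was never assigned.
            findings.append((node, bssid, "impostor-node"))
    for node, radios in seen.items():
        if len(radios) > 1:
            findings.append((node, ",".join(sorted(radios)), "duplicate-node-number"))
    for node, bssid in authorised.items():
        if node not in seen:
            # An expected node is silent: outage, or possibly jamming.
            findings.append((node, bssid, "node-not-seen"))
    return findings

if __name__ == "__main__":
    for node, bssid, finding in audit(SURVEY, AUTHORISED):
        print(f"node {node:3d}  {bssid:40s}  {finding}")
```
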
Follow Paul Wagenseil at @snd_wagenseil. Follow Tom's Guide at @tomsguide, on Facebook and on Google+.

  • 2 Hide
    Darkk , August 9, 2014 6:37 PM
    WEP?? Which can be cracked in three minutes. Guess it's better than nothing until they upgrade the wireless network.
  • 1 Hide
    anthony8989 , August 9, 2014 8:02 PM
    Watch Dogs !
  • 1 Hide
    Someone Somewhere , August 9, 2014 10:17 PM
    Yet another reason why ubiquitous surveillance ain't always a good thing...
  • 0 Hide
    f-14 , August 10, 2014 3:10 PM
    considering media sensationalism these days i am glad the article title did not read "Dustin Hoffman says Police Wireless Surveillance Networks Easy to Hack"

    as for self admitted attempted vandalist dustin hoffman's claims ""We could do all sorts of tomfoolery — hey, let's have Godzilla walk down the street," Hoffman said. "Or, we could do the opposite and send police resources elsewhere.""

    thanks for ruining another public property a cop watch system, you know so we can record what the cops are doing on camera and use it against them in a court of law if necessary.

    because like the NSA, police just willingly hand over unedited evidence all the time upon request.

    thanks hoffman, really thanks for making up reasons to create unnecessary jobs for cyber security experts like yourself and at tax payers expense i might add.

    it's bad enough we can't access the bank teller machines video feeds when comparing our monthly statements to video at the dates and times listed on the statements if identity thieves are accessing our accounts which would result in quicker action and less burden upon police forces and police resources.

  • 0 Hide
    Andy McAdam , August 11, 2014 2:01 AM
    This is how Batman gets all the video feeds into his Batcave!