Recent research shows the power of manipulation. A security researcher has found that footage from police body cameras can be altered by hackers. And, scientists have found a way for hackers to alter medical test results just by intercepting the connection between hospital lab devices and medical record systems.
Recently, Wired reported that at the DEF CON hacking conference, a security researcher presented findings that numerous types of body cameras carry a host of vulnerabilities that compromise their reliability. The issues, as Wired explained, “would allow an attacker to download footage off a camera, edit things out or potentially make more intricate modifications, and then re-upload it, leaving no indication of the change. Or an attacker could simply delete footage they don’t want law enforcement to have.”
The researcher who made the discovery noted,“We can track [the body camera], we can manipulate the data on it, upload and download videos, wipe videos.” In some cases, the cameras can even be exploited to execute ransomware on another device.
In the era of IoT, it seems data in motion can pose all kinds of risks. To illustrate that point, scientists at the University of California used a ‘man-in-the-middle’ attack to show that hackers could easily intercept and change data from a medical lab as it passed to a medical record system. At issue is the protocol that health professionals use to send patient data, known as Health Level Seven standards (HL7).
In their study, the University of California researchers found vulnerabilities within HL7. That, combined with aging medical equipment in an industry that may not be as far along the continuum in cybersecurity awareness, could create a perfect storm.
As we rely more and more on data delivered through devices—especially when it pertains to protecting communities or saving lives—the integrity of that information becomes even more crucial. Talking to Wired about the body camera issues, Jay Stanley, senior policy analyst at the American Civil Liberties Union, said, “If there aren’t reliable ways of ensuring that such equipment meets strong security standards, then something is deeply broken.”
Get the full story at Wired.