[ISN] Hacker pwns police cruiser and lives to tell tale

From: InfoSec News <alerts_at_private>
Date: Tue, 3 May 2011 09:52:52 -0500 (CDT)
http://www.theregister.co.uk/2011/05/03/cop_car_hacking/

By Dan Goodin in San Francisco
The Register
3rd May 2011

As a penetration tester hired to pierce the digital fortresses of 
Fortune 1000 casinos, banks and energy companies, Kevin Finisterre has 
hacked electronic cash boxes, geologic-survey equipment, and on more 
than one occasion, a client's heating, ventilation, and air-conditioning 
system.

But one of his most unusual hacks came during a recent assignment 
testing the security of a US-based municipal government. After scanning 
several IP addresses used by the city's police department, he soon 
discovered they connected directly into a Linux device carried in police 
cruisers. Using little more than FTP and telnet commands, he then tapped 
into a digital video recorder used to record and stream audio and video 
captured from gear mounted on the vehicle's dashboard.

He was shocked by the resulting live feed that eventually appeared on 
his computer screen

“There was an officer in his vehicle heading somewhere in traffic in the 
middle of the day,” said Finisterre, who is principal of security 
consultancy Digital Munition. “He was clearly trying to respond to an 
incident or go where he was told to go, and I was able to see this in 
real time.”

The account (PDF), which Finisterre published on Tuesday, underscores 
the overlooked risks that come with technology designed to give 
authorities minute-by-minute “situational awareness” about the 
emergencies to which their officers are responding. While real-time 
audio and video from cars often provides police brass with crucial 
information about what's happening during traffic stops, the devices 
often make that intelligence available to anyone with an internet 
connection.

[...]


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Received on Tue May 03 2011 - 07:52:52 PDT

This archive was generated by hypermail 2.2.0 : Tue May 03 2011 - 08:04:02 PDT