Showing posts with label ip camera. Show all posts
Showing posts with label ip camera. Show all posts

Tuesday, December 11, 2012

Best to Hush on the Bus - Cities Across the US Install Surveillance Equipment on Public Transit

This IP camera with microphone, the Safety Vision SVC2200, is being installed on buses in San Francisco, California; Eugene, Oregon; Traverse City, Michigan; Columbus, Ohio; Baltimore Maryland; Hartford, Connecticut; and Athens, Georgia. The microphones are sensitive enough to record conversations audibly. This leads one to wonder what such technology could possibly be used for. Cameras can be used for evidence in cases of violent crime. Recordings are not nearly as important in establishing proof of violence as they are in assisting with more subversive forms of surveillance. No doubt this information is headed in a roundabout way to your local DHS "Fusion Center", where it will be shuffled, cataloged and shuffled again.

The IP cameras are listed as supporting the following protocols: IPv4/v6, TCP/IP, UDP, RTP, RTSP, HTTP, HTTPS, ICMP, FTP, SMTP, DHCP, PPPoE, UPnP, IGMP, SNMP, QoS & ONVIF, although one wonders in what capacity they 'support' QoS ... a few of these are likely the efforts of marketeers gone wild with acronym copy pasting. Whats important is they talk TCP/IP, and VPN compatibility is not on that list. They have an RJ-45 input and use PoE, but also have a microSD port. Finally,with a field of vision at 78° horizontal, 45° vertical, these devices provide a very tempting opportunity to the on-site hacker.

The cameras are supposed to connect to and be managed by a central web server - and remember the lack of VPN above, it looks like just a straightforward wireless of 3g-based network connection will be established to that server. While the video on that web server may not be so exciting to attackers, an opportunity to establish an "in" with a local network maintained by a city transportation administration or law enforcement agency would be an incredibly enticing target. Of even greater value would be the possibility of infecting video files with malicious software to be uploaded to whatever federal spy agency is its final destination. Finally, security cameras rely on motion detection in order to limit storage to relevant data. As the traffic on buses is continuous, there will be constant motion and noise. This will lead to huge data sets of worthless audio and video that will increase storage costs to absurd heights in short order (the alternative of a regular deletion schedule would defeat the purpose of collecting the data). As such, this project is a foolish one. There is little advantage to be gained in the data from these devices, and the system architecture as currently stated will lead to significant security failures. At best the devices would have a slight freezing effect on violent crimes that occur on the bus, which are few and far between to begin with. At worst these devices will turn into a blackhole for taxpayer money funneled into storage and maintenance costs that is somehow simultaneously worthless to law enforcement and reviled as a degradation of the 4th Amendment of the United States Bill of Rights for targeting a service provided almost exclusively to  the poor and in many cases to populations that are predominately black and latino (the 4th is the amendment that was intended to protect citizens from unreasonable searches and seizures).

***A Bit of Conjecture

There is one feature to this infrastructure that would be worth the trouble. Facial recognition capability is a hot topic for discussion amongst law enforcement officials of every jurisdiction. Imagine if you will a closely knit hodgepodge of surveillance video data that includes E-Pass toll cameras, red light cameras, intersection surveillance cameras these new public transportation cameras and drone-based surveillance. With immediate license plate identification and federal warrant checks based on video surveillance already in place in many US cities, facial recognition for off-the-roads automated identity checks is what is missing. This would provide a *huge* advantage for law enforcement. Man hunts would be a thing of the past. For fugitives, enemies of the state, and normal folks like you and I, there would be nowhere remotely resembling civilization to run. Even in this paranoid scenario, however, there is no need for audio recording.

[Hat Tip to Wired magazine for the scoop]

RAT Bastard

Earlier this week, several servers I maintain were targeted by automated attempts to upload a remote access trojan (RAT). The RAT is a simpl...