

Hacker Pwns Police Cruiser and Lives to Tell the Tale - TheloniusPhunk
http://www.theregister.co.uk/2011/05/03/cop_car_hacking/?utm_medium=twitter&utm_source=twitterfeed

======
nathanb
Title seems a bit disingenuous; a professional pen tester getting a live feed
from a camera on a police car does not constitute a "hacker pwning a police
cruiser", and whether he would live to tell the tale doesn't appear to have
been in doubt.

If I write a blog post about going to the grocer's, should I post it to HN
with the title "hacker infiltrates local business, lives to tell the tale"?

~~~
endgame
> If I write a blog post about going to the grocer's, should I post it to HN
> with the title "hacker infiltrates local business, lives to tell the tale"?

If you want to get a lot of points on HN, then I guess that's what you should
do. Alternatively, here are some other ideas:

* Why a startup is like X/X for startups

* Why founders should X

* XDD - X Driven Development

Here's an example:

* Brushing your teeth, for startups

* Why founders should brush their teeth

* TDD - Toothpaste Driven Development

~~~
chopsueyar
Hacker pwns Electric Toothbrush, Creates Startup

------
JonnieCache
This is always good for a laugh:

[https://encrypted.google.com/search?q=intitle%3A%22Live+View...](https://encrypted.google.com/search?q=intitle%3A%22Live+View+AXIS%22)

[https://encrypted.google.com/search?q=inurl%3Aview%2Fview.sh...](https://encrypted.google.com/search?q=inurl%3Aview%2Fview.shtml^)

Never turned up anything as fun as a police car though.

~~~
alanfalcon
Every time I feel like I've got a grasp on just how insecure things are on the
Internet, it's like someone hits me over the head with a slice of lemon, wrapped
around a large gold brick.

~~~
JonnieCache
To be fair, 90% of them are just webcams of tourist destinations, they're
probably linked from travel agency homepages. Google has to get to them
somehow.

Sometimes though, you get one of someone's office. Just very occasionally, you
hit one with the controls to move the thing around, and you can make it wave
at people and watch them freak out.

~~~
alanfalcon
Ah. The first hit I had appeared to be in someone's bedroom.

------
zerosanity
Our company had a security system installed with cameras and DVR. About a week
after it was installed I scanned the internal network and found the device.
Googled for the open port detected and found the software to access the
device. Upon connecting to the device it asked for a user and password. I
didn't enter any and it logged me in. I had control of the device. It's scary
what "security" companies install on your network.

~~~
Hoff
Which would be quite entertaining if what you encountered was really a
honeytrap, looking for the identities of the more, um, inquisitive folks on
the local network.

But I'm guessing it wasn't that clever.

------
cbguder
The router manufacturer's website looks familiar, but I can't quite put my
finger on it: <http://utility.com/>

~~~
jarin
Shame shame for not preloading their mouseover images too.

------
joshaidan
What troubles me about this story is not so much the lack of security
protecting the cameras and the DVR, but the fact the police department was
wasting scarce IPv4 addresses on laptops and security cameras. These devices
should have been on a private internal network with private IP addresses.

Just saying. :)

~~~
drdaeman
So it would give us another month or two until some LIR would exhaust their
IPv4 pool?

All this "save the scarce IPv4" thing is just a procrastination to delay the
inevitable. While the transition is painful, we just can't keep IPv4 forever.
Numbers are cruel sometimes.

~~~
joshaidan
For sure we should transition.

------
fleitz
"The ability for civilians to secretly spy on officers responding to calls
could have serious consequences for their safety."

These are public employees performing a public duty. Unless there are
extenuating circumstances, maybe a SWAT raid or something, the public should
have access to this data to ensure that public employees are serving the
public good. At the bare minimum it should be available within hours of its
creation.

Routine traffic stops? Police abusing their powers? This should definitely be
made available to the public if it is recorded. Justice must not only be done,
it must be seen to be done.

We have the technology to go big brother on government, why are we letting
them go big brother on us?

~~~
joebadmo
Maybe I'm mistaken, but I detect a note of disparagement toward our civil
servants who have signed up for a job that puts them in harm's way. Maybe, as
a military veteran, I'm over-sensitive/biased, but the tone is unnecessary to
your point.

That said, I totally agree, and the thought occurred to me, too, while reading
tfa that these recordings should be publicly available if not broadcast in
real time.

~~~
yid
Publicly available, yes, but real time? Really?

<picks up phone> hey skip, looks like a cruiser is on its way to you, yeah
about 5 minutes away, burn the evidence.

~~~
joebadmo
I thought of that, too, and yeah, you'd probably need a kill-switch for
situations like that, but a panopticon for uniformed police strikes me as a
great way to let everyone watch the watchmen, a badly needed check on an
easily abusable authority. Maybe you're right, though, I guess real-time isn't
really necessary.

~~~
chopsueyar
Real-time prevents Adobe After Effects.

------
jarin
Admittedly, I haven't read the Chicago Manual of Style in a while, but when
did it become acceptable to use "pwn" in a headline without quotes?

~~~
semanticist
The Register is a tech tabloid, not a broadsheet.

~~~
JonnieCache
To be specific, it is a kind of IT parody of The Sun, the whole style of it is
one big in-joke about British newspaper journalism basically.

<http://www.thesun.co.uk>

Their motto is: "Integrity - we've heard of it."

Personally I love it, although it's not as funny as it used to be.

------
sp332
Here's an old (2005) video of Kevin Rose building and demonstrating a handheld
"war spying" device to sniff wireless security cameras.
<http://revision3.com/systm/warspyingbox/> Some vulnerabilities are just a lot
of fun to exploit :)

