In a recent revelation, Australian police officers have been found to be potentially trackable through publicly available Bluetooth applications, a situation arising from a design flaw in a widely used line of tasers and body-worn cameras. An unnamed hacker from Victoria demonstrated this vulnerability during an interview with Four Corners, showcasing how certain Android apps designed to detect nearby Bluetooth devices could easily identify the location of police equipment.
The hacker’s exploration began innocently enough while logging Bluetooth devices on his phone. To his surprise, he began receiving notifications for body-worn cameras and tasers, which prompted him to investigate further. Specifically, he was able to track devices manufactured by the American tech company Axon, which supplies law enforcement agencies with these tools.
Positioned strategically near a police station, the hacker received multiple alerts, ultimately pinpointing the latitude and longitude of police officers, along with the model and serial numbers of their devices, as reported by ABC News.
Understanding the Vulnerability
The core of this vulnerability lies in the use of MAC addresses, unique identifiers that can reveal a device’s manufacturer. While many devices employ MAC address randomization to enhance security, Axon appears to have overlooked this crucial step. The hacker expressed concern, suggesting that the engineers responsible for the devices may have lacked awareness or expertise regarding these security measures.
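As an added example (not from the original article, the researcher, or Axon), the following Python code shows how a fleet owner could audit captures of its own equipment's Bluetooth LE advertisements for the fixed-address behaviour described above. The device labels, sample addresses, OUI table entry and 15-minute rotation threshold are constructed assumptions.

```python
from collections import defaultdict

# Placeholder OUI table: this prefix is constructed, not a real vendor assignment.
OUI_VENDORS = {"00:11:22": "ExampleVendor"}
ROTATION_WINDOW_S = 15 * 60  # assumed audit threshold; set to your own policy

def classify(addr, addr_type):
    """addr_type is the public/random flag carried in the advertising PDU header."""
    if addr_type == "public":
        return "public"  # IEEE-assigned and permanent; first 3 octets name the maker
    top_bits = int(addr.split(":")[0], 16) >> 6  # two most significant bits
    return {0b11: "random-static", 0b01: "resolvable-private",
            0b00: "non-resolvable-private"}.get(top_bits, "reserved")

def audit(observations):
    """Map each device under test to a finding, from (time_s, device, addr, addr_type)."""
    seen = defaultdict(list)
    for t, dev, addr, addr_type in observations:
        seen[dev].append((t, addr.upper(), classify(addr, addr_type)))
    report = {}
    for dev, rows in seen.items():
        rows.sort()
        addrs = {a for _, a, _ in rows}
        kinds = {k for _, _, k in rows}
        span = rows[-1][0] - rows[0][0]  # seconds between first and last sighting
        if "public" in kinds:
            fixed = next(a for _, a, k in rows if k == "public")
            vendor = OUI_VENDORS.get(fixed[:8], "unknown vendor")
            report[dev] = f"FAIL: fixed public address ({vendor})"
        elif "random-static" in kinds:
            report[dev] = "FAIL: static random address"
        elif len(addrs) > 1:
            report[dev] = "PASS: address rotates"
        elif span > ROTATION_WINDOW_S:
            report[dev] = "FAIL: private address never rotated"
        else:
            report[dev] = "INCONCLUSIVE: capture shorter than rotation window"
    return report

# Constructed sample capture of three lab-labelled devices, 30 minutes apart.
SAMPLE = [
    (0, "unit-A", "00:11:22:aa:bb:cc", "public"),
    (1800, "unit-A", "00:11:22:aa:bb:cc", "public"),
    (0, "unit-B", "5c:01:02:03:04:05", "random"),
    (1800, "unit-B", "7a:10:20:30:40:50", "random"),
    (0, "unit-C", "c3:01:02:03:04:05", "random"),
    (1800, "unit-C", "c3:01:02:03:04:05", "random"),
]
```

A PASS here covers only the advertiser address. The advertisement payload still has to be checked for static fields, since the report above says model and serial numbers were also visible.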
Axon has established itself as a significant player in law enforcement technology, with its tasers utilized by over 18,000 agencies worldwide, including those in Australia. Its Axon Body 2 cameras are reportedly more prevalent in major cities than any other police body camera on the market.
Tracking Capabilities and Implications
The hacker claimed that he developed custom software capable of tracking devices from distances exceeding 400 meters. This range could be further extended using inexpensive Bluetooth scanning units, raising alarming possibilities regarding the potential for premeditated criminal activities targeting police locations. He emphasized the seriousness of the situation, stating, “Essentially, it can be weaponised.” With the right tools, a malicious actor could monitor police movements in real time, even from several kilometers away.
In light of these findings, the hacker reached out to various police and national security agencies in Australia, warning them about the risks associated with Axon’s tasers. He expressed frustration over the lack of response, particularly in his home state of Victoria, where he cautioned that the devices could effectively turn officers into “beacons” broadcasting their locations.
Police Response to the Concerns
In response to the hacker’s claims, a spokesperson for Victoria Police stated that their own testing had not revealed any unauthorized access or tracking issues with the tasers or body-worn cameras. They assured that while these devices are discoverable over Bluetooth and Wi-Fi, they are equipped with built-in security features designed to prevent unauthorized access.
Similarly, the NSW Police Force acknowledged awareness of the security concerns but expressed confidence in the security measures in place. They noted that tracking methods aimed at monitoring police activity are not exclusive to Axon devices, posing ongoing challenges for law enforcement agencies as a whole.
Meanwhile, a spokesperson for South Australia Police indicated that they are transitioning to Axon’s latest T10 taser model but clarified that Bluetooth integration with body-worn video systems would not be utilized. Other agencies, including the Australian Federal Police, echoed the sentiment that their devices possess security features to thwart remote access.
Global Implications of the Flaw
Interestingly, the implications of this vulnerability extend beyond Australian borders. Reports indicate that US Border Patrol agents were instructed to cease using Axon body cameras in the field due to similar tracking-related risks identified in the devices. The hacker pointed out that the flaw exists at the hardware level, suggesting that Axon would face significant challenges in addressing the issue, as it would require a complete redesign of the system rather than a simple software update.
As the situation unfolds, Axon has been approached for comment but has yet to respond. The ongoing discourse surrounding this vulnerability raises critical questions about the intersection of technology, security, and law enforcement practices in an increasingly connected world.