Data Security

Techie buys Axon body camera from eBay; finds unencrypted police videos

Upon analyzing the camera the researcher found a MicroSD card containing sensitive Police data.

eBay is home to millions of products but who could have imagined buying products containing sensitive information belonging to law enforcement authorities?

This is what happened recently when a security researcher who goes by the Twitter handle of @d0tslash  bought an Axon body-worn camera from eBay and was in for a surprise after finding real-life video footage of Fort Huachuca Military Police officials.

For your information, Axon or Axon Enterprise, Inc. is an Arizona-based company that technology products including body cameras to law enforcement authorities in the United States.

@d0tslash was able to extract the data since the camera came with a microSD card inserted in the device. Upon extraction, the researcher realized it contained sensitive information including videos showing cops conducting investigations, raids, and filing paperwork among other sensitive tasks.

One of the screenshots shared by the researcher on their Twitter account:

Data extracted from Axon camera (Image: d0tslash/Twitter)

The researcher took to Twitter to reveal his findings, and posted that:

“Annnnnd this is me shitting my pants as I listen to extracted evidence video from this @axon_us camera sold on eBay… (in bulk lots!) Time to buy em up before they disappear! Collect you some evidence!”

What’s worse is that the data was unencrypted and wasn’t password protected. @d0tslash used a tool called Foremost to extract the files. He even shared screenshots of the video footage he could obtain from the microSD card. In the screenshots shared by @d0tslash, Military Police officials are seen entering someone’s home and filing paperwork.

Data extracted from Axon camera (Image: d0tslash/Twitter)

@d0tslash offered to send the SD card back to the police and claimed that after listening to the audio for a “few seconds” to verify its authenticity, he removed all the extracted files. Interestingly, the Scottsdale-based Axon was the first to respond and accept the offer. 

According to Axon’s statement, the camera in question is an Axon Body 1, one of the company’s earliest generation models. This model was launched in 2013 and discontinued in 2015. The latest generation model Axon Body 3, has all the advanced security measures, including encrypted storage, to save video footage from being extracted in case the camera is lost or isn’t disposed of properly.

“We are aware of this issue and have launched an investigation looking into the matter. We are also reevaluating our processes to better emphasize proper disposal procedures for our customers,” the company told Arizona Mirror.

Not for the first time

This is not the first time when a product with sensitive information was sold on eBay. In May this year, a hacker found Spotify passwords, Gmail, Netflix session cookies, and other sensitive data on Tesla car parts sold on eBay.

In another incident, researchers bought a laptop from eBay that contained German military data without any protection. But, nothing beats 2017’s sale in which the FBI’s surveillance van was being sold on eBay for just U$18,700.

To Top

Pin It on Pinterest

Share This