Title seems a bit disingenuous; a professional pen tester getting a live feed from a camera on a police car does not constitute a "hacker pwning a police cruiser", and whether he would live to tell the tale doesn't appear to have been in doubt.<p>If I write a blog post about going to the grocer's, should I post it to HN with the title "hacker infiltrates local business, lives to tell the tale"?
This is always good for a laugh:<p><a href="https://encrypted.google.com/search?q=intitle%3A%22Live+View+AXIS%22" rel="nofollow">https://encrypted.google.com/search?q=intitle%3A%22Live+View...</a><p><a href="https://encrypted.google.com/search?q=inurl%3Aview%2Fview.shtml^" rel="nofollow">https://encrypted.google.com/search?q=inurl%3Aview%2Fview.sh...</a><p>Never turned up anything as fun as a policecar though.
Our company had a security system installed with cameras and DVR. About a week after it was installed I scanned the internal network and found the device. Googled for the open port detected and found the software to access the device. Upon connecting to the device it asked for a user and password. I didn't enter any and it logged me in. I had control of the device. It's scary what "security" companies install on your network.
The router manufacturer's website looks familiar, but I can't quite put my finger on it: <a href="http://utility.com/" rel="nofollow">http://utility.com/</a>
What troubles me about this story is not so much the lack of security protecting the camera's and the DVR, but the fact the police department was wasting scarce IPv4 addresses on laptops and security cameras. These devices should have been on a private internal network with private IP addresses.<p>Just saying. :)
"The ability for civilians to secretly spy on officers responding to calls could have serious consequences for their safety."<p>These are public employees performing a public duty. Unless there are extenuating circumstances, maybe a SWAT raid or something, the public should have access to this data to ensure that public employees are serving the public good. At the bare minimum it should be available within hours of it's creation.<p>Routine traffic stops? Police abusing their powers? This should definitely be made available to the public if it is recorded. Justice must not only be done, it must be seen to be done.<p>We have the technology to go big brother on government, why are we letting them go big brother on us?
Here's an old (2005) video of Kevin Rose building and demonstrating a handheld "war spying" device to sniff wireless security cameras. <a href="http://revision3.com/systm/warspyingbox/" rel="nofollow">http://revision3.com/systm/warspyingbox/</a> Some vulnerabilities are just a lot of fun to exploit :)