Police-issued body cameras have become ubiquitous tools for recording law enforcement encounters, but a recent investigation has uncovered troubling design choices in a budget-friendly device that compromise both privacy and data integrity.
The Viidure mobile application, designed to transfer video evidence from the camera's onboard Wi-Fi hotspot to cloud servers, was found to communicate over a nonstandard TLS port, directing sensitive information to servers based in China.
This behavior raises significant concerns for departments relying on these devices to produce court-admissible evidence.
Initial traffic captures revealed that the mobile app establishes TLS connections to app-api.lufengzhe.com:9091, alongside geolocation API calls to api.map.baidu.com:443 and loc.map.baidu.com:443.
Figure: Camera (Source: Brown Fine Security)
Whois queries confirmed that the primary endpoint at 115.175.147.124 is owned by Huawei International Pte. Ltd. and originates from a Chinese network block.
The use of port 9091, uncommon for HTTPS traffic, signals an attempt to obscure routine data flows, potentially evading network-based monitoring tools.
Brown Fine Security analysts noted that the app's reliance on improperly validated server certificates enabled a straightforward man-in-the-middle (MitM) attack.
By injecting forged certificates via a custom mitmrouter setup, researchers were able to intercept plaintext HTTP exchanges inside the TLS tunnel.
Such misconfigurations not only expose metadata like IMEI numbers and usernames but also threaten the confidentiality of recorded video streams.
Figure: Mitmrouter diagram (Source: Brown Fine Security)
Beyond mere metadata, the intercepted payloads include device identifiers and application version details.
The following snippet shows the HTTP POST request captured during the MitM session:
POST /iot/api/v1/model/verify HTTP/1.1
Host: app-api.lufengzhe.com:9091
Content-Type: application/json
srapi_imei: 17562212185897060
srapi_time: 1757047550015

{
    "data": [
        {
            "model": "6zhentan_android",
            "version": "v2.7.1.250712",
            "imei": "17562212185897060"
        }
    ],
    "username": ""
}
Infection Mechanism and Data Exfiltration
The Viidure application does not self-install malware but functions as an inadvertent exfiltration vector because of its insecure communications design.
Upon pairing with the camera's hotspot, the app automatically initiates background data uploads without user notification.
TLS connections to the Chinese endpoint are established immediately, transmitting identifying information alongside any captured media metadata.
The use of port 9091 appears deliberate, likely intended to bypass typical TLS inspection rules that focus on ports 443 and 8443.
Persistence of this behavior stems from the application's versioning system. Every time the app checks for updates, triggered at startup and periodically during use, it reaffirms the connection to the malicious endpoint.
Without rigorous certificate validation or user consent dialogs, departmental networks may remain unaware of routine data streams exiting to unauthorized servers.
Security teams should prioritize network segmentation and deep packet inspection rules that include nonstandard ports to detect and disrupt similar data flows.
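The detection logic the previous paragraph calls for, as an added example that is not part of the original article or of Brown Fine Security's research: it scans TLS session records and flags any handshake on a port other than 443 or 8443, plus any session whose SNI or destination IP matches a watchlist seeded with the indicators above (app-api.lufengzhe.com and 115.175.147.124). The records are constructed sample lines in the JSON form of Zeek's ssl.log (fields such as id.resp_p and server_name are real Zeek field names); the internal addresses, the documentation-range IPs for the other hosts, and the severity scheme are assumptions made for the example.

```python
"""Flag TLS sessions on nonstandard ports and to watchlisted hosts in Zeek-style ssl.log lines."""
from __future__ import annotations

import json
from dataclasses import dataclass
from typing import Iterable, Optional

# Ports where TLS is expected; anything else is worth a look (assumed baseline).
STANDARD_TLS_PORTS = {443, 8443}

# Indicators taken from the article; extend from your own intel feeds.
WATCHLIST_HOSTS = {"app-api.lufengzhe.com"}
WATCHLIST_IPS = {"115.175.147.124"}

# Constructed sample log: Zeek ssl.log in JSON format. Internal hosts (10.20.5.x)
# and the 192.0.2.x / 198.51.100.x / 203.0.113.x destinations are made up.
SAMPLE_SSL_LOG = """\
{"ts": 1757047550.015, "id.orig_h": "10.20.5.41", "id.resp_h": "115.175.147.124", "id.resp_p": 9091, "server_name": "app-api.lufengzhe.com", "validation_status": "ok"}
{"ts": 1757047550.220, "id.orig_h": "10.20.5.41", "id.resp_h": "203.0.113.10", "id.resp_p": 443, "server_name": "api.map.baidu.com", "validation_status": "ok"}
{"ts": 1757047551.004, "id.orig_h": "10.20.5.42", "id.resp_h": "198.51.100.7", "id.resp_p": 443, "server_name": "updates.example.org", "validation_status": "ok"}
{"ts": 1757047552.310, "id.orig_h": "10.20.5.43", "id.resp_h": "192.0.2.55", "id.resp_p": 8443, "server_name": "vpn.example.org", "validation_status": "ok"}
{"ts": 1757047553.100, "id.orig_h": "10.20.5.41", "id.resp_h": "192.0.2.9", "id.resp_p": 9091, "server_name": "metrics.example.net", "validation_status": "ok"}
"""


@dataclass(frozen=True)
class Finding:
    ts: float
    src: str
    dst: str
    port: int
    sni: str
    reasons: tuple  # ordered tags explaining why the session was flagged


def evaluate(record: dict) -> Optional[Finding]:
    """Return a Finding for one ssl.log record, or None if nothing is suspicious."""
    port = int(record["id.resp_p"])
    sni = record.get("server_name") or ""
    dst = record["id.resp_h"]
    reasons = []
    if port not in STANDARD_TLS_PORTS:
        reasons.append("tls_on_nonstandard_port")
    if sni in WATCHLIST_HOSTS:
        reasons.append("watchlist_sni")
    if dst in WATCHLIST_IPS:
        reasons.append("watchlist_ip")
    if not reasons:
        return None
    return Finding(float(record["ts"]), record["id.orig_h"], dst, port, sni, tuple(reasons))


def scan(lines: Iterable[str]) -> list[Finding]:
    """Parse newline-delimited JSON records and collect findings in log order."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        finding = evaluate(json.loads(line))
        if finding is not None:
            findings.append(finding)
    return findings


def severity(finding: Finding) -> str:
    """A watchlist hit is 'high'; a nonstandard port on its own is 'medium' (assumed scheme)."""
    if any(r.startswith("watchlist_") for r in finding.reasons):
        return "high"
    return "medium"


if __name__ == "__main__":
    for f in scan(SAMPLE_SSL_LOG.splitlines()):
        print(f"[{severity(f)}] {f.src} -> {f.dst}:{f.port} sni={f.sni!r} reasons={','.join(f.reasons)}")
```

Running the block prints two lines: the session to the article's endpoint on 9091 (flagged on all three counts) and a second 9091 session to an unlisted host that still deserves triage because TLS inspection policies keyed only to 443 and 8443 would never see it. Point the scan at a real Zeek JSON ssl.log to apply the same rule to live traffic.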