Being Viewed On BlackVue

@rfdevere Blog

Today I have been looking at the BlackVue Cloud portal of horrors. BlackVue manufacture smart dash cams, some of their models enable remote access and have LTE data capability. What this means is that you can install the camera in your car/truck/ambulance and check the speed and location, hear audio from the cabin and view a live stream of the camera – pretty nifty tech.

But the issue is that hundreds of these cameras are completely open to the world. In a truly bizarre take on privacy, you can select cameras from a map of users around the world and just dip in and watch them.

 

So normally we would be reporting this issue to a company in private, but we were shocked to hear they already know. Here is where it starts to get interesting to us, after Vice covered the story BlackVue made changes to their sharing settings. In fact, they reverted everyone’s privacy settings back to private to help quash the bad publicity. So today, if a camera is broadcasting their information it has been re-enabled since that event. The issue is I don’t think the people sharing the information have the right to share it in the manner they are. Let’s recap on the CCTV Safari we went on:

This is obviously an Ambulance. You can see the exact location and NHS trust it belongs to from the map location in the portal. Sound isn’t enabled so privacy in the cab is maintained to an extent but the camera footage and location are open to all. Imagine the scene, you’ve been involved in a car crash or a sensitive medical emergency and the ambulance rocks up with a live stream of viewers – hardly professional. Whilst I am sure the ambulance service could benefit from technology like this, why is it open to the world?

 


 

The woman in this car is a senior nurse or surgeon called Sarah, she had to cancel Mr Smith’s pending surgery which was planned for Friday due to the fact he consumed warfarin and no one told him he shouldn’t prior to his operation. Mr Smith lives alone and he was having an angiogram as part of a wider range of medical investigations into his health. We know this because the driver of the car received calls from her PA throughout the 15 minutes we observed the car. Details in the call enabled us to locate the office she works for, Mr Smith (not his real name) and the senior partner who was to be CC’d into Sarah’s emails. Sarah also lied to several people about being stuck in traffic, despite travelling on an open stretch of road.

 


 

Yusaf seemed like a nice chap, he was full of business strategy talk. He gave some good advice to his passenger “You have to be smart and high class. The rest is a gift from God.” I did feel for him because the best strategies in business are kept to yourself and I can’t help wonder how many other voyeuristic nerd types also got his words of wisdom at the same time as us. His passenger was recorded saying some unsavoury things – blissfully unaware of the recording (probably).

 


 

This taxi driver had his camera enabled and we observed a conversation, shortly afterwards a woman entered her home holding her baby. Her name, GPS location of her house and all shared with the world.

 

So as explained, I think if you want to broadcast yourself 24/7 that is your own weird choice but nonetheless, people should be entitled to make it. But what about the other people in these common situations. The injured patient filmed by the ambulance, Mr Smith’s medical information shared with me, Yusaf’s charismatic passenger and the taxi customer’s home address.

Does their privacy not count anymore?! Do we sacrifice the rights of others for our own curiosity and convenience? I don’t think we should and I don’t think it is right.

It turns out if you actually set the device to ‘private’, a stranger can still track the device. To BlackVue private just means turning off the audio and camera feed but leaving the GPS data accessible. We thought we would go and visit one of the private cameras and see if they knew just how private it really was!

I selected a private camera from the map and headed to it in my car – turns out the extra effort was worth it because it connected me to a radio enthusiast who was all very helpful. After a knock at Mr Close’s front door, I politely explained I was writing a blog about these cameras and noticed he has set his to private. An odd concept to explain to a stranger on their doorstep after you have used their location to track them down.

Mr Close knew he had set the privacy settings to restrict a live stream of his vehicle but expected the privacy decision he made to be reflected in the location sharing as well – he was slightly annoyed it wasn’t.

He really was a great sport, passionate about radio, Linux and technology, Mr Close wasn’t some bumbling idiot who couldn’t set a setting, he was just a customer of BlackVue and bought a decent camera to capture a car incident should he be involved in one.

 

I am left speechless by the whole research. I want to close the lid on BlackVue and never think again about them. Around the world, hundreds of people are unwittingly spilling data. For about two hours this was a cyber security consultant writing a blog but I dread to think of the types of people who could benefit from the leaked details of these innocent passengers.

 

There is of course an assumption that every camera was set up by the driver and not secretly by their partner or employer, let me say, some people evidently didn’t know they were being recorded.