Axon View Security
What is Axon View?
Axon View is a mobile application for Android and iOS devices that allows an agency user to wirelessly interact with an Axon camera to view recorded videos, preview live video capture, and apply metadata to video files.
Axon View Security Safeguards
Axon View protects the confidentiality and integrity of video files and an agency's implementation of Axon cameras through the following safeguards:
Requires physical access to Axon camera
- Physical access to the Axon camera is required to initiate pairing with Axon View
- Axon View requires persistent close proximity to an Axon camera to provide functionality
Limited, non-destructive interactions with Axon camera and video
- Axon View can only view videos currently stored on the paired Axon camera
- Axon View cannot delete or alter original video files that are stored on an Axon camera
- Axon View cannot inhibit a video from being transferred or uploaded to Axon Evidence.com, Axon Commander or Evidence Sync
- Axon View cannot be used as a transfer mechanism to offload video to Axon Evidence.com or other systems
- Axon View cannot be used to view evidence stored within Axon Evidence.com, Axon Commander, or Evidence Sync
Secure application design
- Axon View does not retain video files on the mobile device
- Axon View leverages application sandboxing and security functionality, such as data encryption at rest, made available by the mobile device operating system
How Does Axon View Work?
Axon View requires a secure wireless connection to play video from or manage metadata on an Axon camera. Axon View facilitates a mobile device to pair and connect with an Axon camera using Bluetooth technology. With newer models of Axon cameras, Axon View facilitates the mobile device to connect to a secure Wi-Fi network provided by the Axon camera, which provides a high-bandwidth, secure connection between the Axon camera and Axon View.
Pairing an Axon Camera with Axon View
Pairing of the Axon View application to an Axon Camera is performed over Bluetooth. Both Axon View and the Axon camera must be set into pairing mode. Pairing mode on an Axon camera requires the simultaneous pressing of physical buttons as further described in the Axon Help Center. Upon pairing, Axon View and the Axon camera securely establish an encrypted session for subsequent communications.
Interfacing with an Axon Camera from Axon View
Communications between a paired Axon camera and Axon View are transferred over the established encrypted session. Axon camera interactions that can be initiated from Axon View for specific Axon cameras are outlined in the Axon Help Center and generally include the below:
- Checking cameras status (e.g. recording/buffering status, battery remaining)
- Initiate live video
- View recorded video
- Apply metadata to recorded video (e.g. GPS data, categories and title)
- Manage agency-allowed user level camera configuration (e.g. stealth mode, haptic feedback, volume)
Axon Evidence.com administrators can apply agency-wide restrictions on Axon cameras registered to their agency to manage and restrict Axon View functionality available to their users.
Live and Recorded Video
On newer models of Axon cameras, live and recorded video playing is conducted over a secure Wi-Fi network provided by the Axon camera. Upon request for playing of live or recorded video from Axon View, the Axon camera will create a secure Wi-Fi network and provide the necessary information to Axon View to facilitate connectivity. Older models of Axon cameras will leverage the established Bluetooth connection for live and recorded video.
Consult the Axon Help Center to determine if your camera leverages Wi-Fi playback.
Axon View Technical Security Details
Axon View uses Bluetooth for communications between the Axon camera and mobile device. Dependent on the Axon camera model, Bluetooth Low Energy (LE) or Bluetooth Classic may be utilized. When Bluetooth LE is utilized, Axon View has implemented application-level secure pairing due to known limitations in Bluetooth LE pairing security. On initial connection over Bluetooth LE, the Axon camera and Axon View utilize the Elliptic-curve Diffie-Hellman key exchange protocol to exchange cryptographic keys. These keys are used as a basis to derive AES-256 bit session keys unique to each session to ensure communication security. When Bluetooth Classic is utilized, Simple Secure Pairing - Just Works provides for secure pairing between Axon View and the Axon camera.
For high speed communication, such as viewing the live feed or playing back video, Axon View utilizes Wi-Fi on supported Axon cameras. Upon request from Axon View, the Axon camera will create a secure Wi-Fi network with a unique, non-broadcasted service set identifier (SSID). The Axon camera acts as an Access Point (AP) in Infrastructure Mode. The Wi-Fi network created by the Axon camera is a Wi-Fi Protected Access 2 - Pre Shared Key (WPA2-PSK) network which requires for client connectivity the secret key (passphrase) as generated on the Axon camera during the initial pairing process between Axon View and the Axon camera. The mechanism in which the Axon camera transmits the network SSID and passphrase to Axon View for connectivity is dependent on the mobile device's operating system, as described below:
Wi-Fi Setup (Android)
The Axon camera shares the network SSID and passphrase with the Axon View application over the previously established secure Bluetooth channel. Axon View will instruct the Android mobile device to connect to this network.
Wi-Fi Setup (iOS)
The Axon camera shares the network SSID and passphrase with the Axon View application over the previously established secure Bluetooth channel. Axon View, in coordination with iOS, transmits over SSL to Evidence.com the Axon camera's network SSID and passphrase. Evidence.com generates a digitally signed iOS Configuration Profile with the necessary network configuration information. Evidence.com responds to Axon View with a URL and token to retrieve the generated iOS Configuration Profile. The iOS device opens the provided URL in Safari. The user must click a displayed hyperlink in Safari to download the generated iOS Configuration Profile. Upon clicking the link, iOS launches iOS's Settings and prompts the user to install the iOS Configuration Profile. Once the user has performed action to install the iOS Configuration Profile, iOS returns the user to the previously provided URL within Safari. The webpage now displays user instruction to return to Axon View. With the iOS Configuration Profile installed, Axon View will now be able to connect to and communicate with the the Axon camera over Wi-Fi.
Upon successful establishment of Wi-Fi connectivity between the Axon camera and Axon View, subsequent communications and playing of live or recorded video will occur over the encrypted Wi-Fi network. When an Axon camera pairs to a new device, the previously generated passphrase for Wi-Fi connectivity is purged from the Axon camera and invalidated. A new passphrase is generated by the Axon camera in subsequent pairing processes and previous passphrases are made invalid.
Local storage on mobile device
Axon View does not retain video files on the mobile device. Axon View makes very minimal use of local application storage. Video evidence and the associated textual metadata are stored on the camera and is never saved on the phone. A low resolution thumbnail for each video is stored temporarily on mobile devices such that quick access is possible, however access to that thumbnail is restricted to the Axon View application by the mobile operating system file system controls, including data encryption at rest if enabled.
When metadata is tagged to videos from Axon View, the metadata is securely transferred to the Axon camera for storage and subsequent association when the video is offloaded via the Axon Dock or Evidence Sync.