Exposed: Dozens of Flock AI Camera Feeds Left Unsecured
▼ Summary
– Tech YouTuber Benn Jordan and 404 Media discovered over 60 live feeds from Flock’s AI surveillance cameras were publicly accessible online without a password.
– Flock provides AI-powered cameras, including license plate scanners and Condor models that track people, to thousands of law enforcement agencies and businesses.
– The exposed feeds allowed anyone to view live footage of private moments, like a person jogging or a couple arguing, as the cameras automatically zoomed in.
– The security flaw also gave open access to administrator panels, letting people download archives, change settings, delete footage, and run diagnostics.
– Flock stated this was a limited misconfiguration on a small number of devices that has since been fixed.
A significant security lapse recently exposed live video feeds from dozens of AI-powered surveillance cameras operated by Flock Safety, a major provider of technology to law enforcement and businesses. The unsecured streams, which required no username or password for access, were discovered by a technology researcher and a media outlet, raising serious concerns about privacy and data security in an increasingly monitored world. This incident highlights the potential vulnerabilities within systems designed for public safety.
The exposed feeds were connected to Flock’s Condor cameras, which are capable of panning, tilting, and zooming to automatically track people and vehicles. Researcher Benn Jordan detailed in a video how he was able to watch intimate, real-time moments from across the country, from a man leaving his house in New York to a woman jogging alone on a forest trail in Georgia. The camera’s artificial intelligence even autonomously zoomed in on specific details, such as a person watching videos on their phone or a couple having an argument at a street market.
Jordan collaborated with security researcher Jon Gaines, who had previously identified other flaws in Flock’s systems. Together, they located the live feeds using Shodan, a search engine that indexes internet-connected devices. Their discovery went beyond simple video streams. They also found administrator control panels linked to the cameras, granting the ability to download video archives from the previous 30 days, alter settings, delete footage, and run system diagnostics, all without any authentication.
In a statement provided to the investigating outlet, a Flock spokesperson described the issue as “a limited misconfiguration on a very small number of devices” that has since been fixed. The company did not immediately respond to further requests for comment from other news organizations. Flock has grown rapidly, partnering with thousands of agencies and recently integrating with Ring’s Neighbors app, which allows for the sharing of footage between platforms.
To confirm the feeds were live and accurately located, Jordan and a journalist visited some of the camera sites. They were able to see themselves filmed and displayed on the very same publicly accessible streams they had found online, confirming the extent of the exposure. This incident serves as a stark reminder of the privacy trade-offs inherent in widespread surveillance networks and the critical importance of robust digital security measures for all connected devices.
(Source: The Verge)
