Monday, July 13, 2026

Welcome to the fishbowl. Smile for the 113,000 cameras.

Have Flock cameras ever been hacked?

Grok:

Yes, Flock Safety camera systems have faced multiple reported security vulnerabilities, misconfigurations, and demonstrations of compromise, though the company has disputed characterizations of full-scale "hacks." Key Incidents and Findings
  • Physical access exploits (2025): Researchers (including Jon Gaines/GainSec and Benn Jordan) demonstrated that with physical access to certain Flock cameras (e.g., bought on eBay), they could gain control in under 30 seconds. Methods included pressing a button sequence to enable a diagnostic Wi-Fi hotspot (default password often "security"), using Android debug tools (ADB), and accessing root shells, firmware, video feeds, or uploading malware. This allowed manipulating footage, deleting videos, or turning devices into spy tools.
  • Exposed live feeds and admin panels (late 2025–early 2026): Multiple Flock Condor (AI-powered PTZ) cameras were left streaming live video and archived footage (up to 30 days) openly on the internet. No passwords were required for access, viewing, downloading, or changing settings in some cases. Researchers used tools like Shodan to find them; journalists and YouTubers verified by tracking themselves in real time. Flock described it as affecting a small number of cameras.
  • Other vulnerabilities: Reports highlighted issues like unlocked bootloaders, hardcoded credentials, outdated Android kernels (e.g., 8.1 with many unpatched CVEs), lack of mandatory multi-factor authentication for some police logins, and information disclosure. Several CVEs were assigned (e.g., CVE-2025-59407 and related ones).
These issues led to public backlash, videos with millions of views, privacy concerns, and some cities reviewing or pausing contracts

No comments: