Consumer Rights Wiki

Flock license plate readers: Difference between revisions

← Older edit
VisualWikitext
Venture18+ (talk | contribs)
confirmed
60 edits
added archive URLs, properly added source dates, added author names, removed duplicate citations, added 'dead' URL-status tags, added 'registration' URL-access tag
Rudxain (talk | contribs)
confirmed, superconfirmed
890 edits
m link ADB
 
Line 154: Line 154:
This represents one of several major security disclosures in the past decade. In 2015, the Electronic Frontier Foundation documented more than 100 ALPR cameras accessible on the open internet, often without passwords or proper configuration.<ref name=":4" /> A more serious documented breach occurred in 2019, when Perceptics, LLC, a subcontractor for U.S. Customs and Border Protection, exposed approximately 105,000 license plate images and 184,000 traveler facial images.<ref>{{Cite web |title=Review of CBP's Major Cybersecurity Incident During a 2019 Biometric Pilot |url=https://www.oig.dhs.gov/sites/default/files/assets/2020-09/OIG-20-71-Sep20.pdf |archive-url=http://web.archive.org/web/20260121195004/https://www.oig.dhs.gov/sites/default/files/assets/2020-09/OIG-20-71-Sep20.pdf |archive-date=21 Jan 2026}}</ref>
This represents one of several major security disclosures in the past decade. In 2015, the Electronic Frontier Foundation documented more than 100 ALPR cameras accessible on the open internet, often without passwords or proper configuration.<ref name=":4" /> A more serious documented breach occurred in 2019, when Perceptics, LLC, a subcontractor for U.S. Customs and Border Protection, exposed approximately 105,000 license plate images and 184,000 traveler facial images.<ref>{{Cite web |title=Review of CBP's Major Cybersecurity Incident During a 2019 Biometric Pilot |url=https://www.oig.dhs.gov/sites/default/files/assets/2020-09/OIG-20-71-Sep20.pdf |archive-url=http://web.archive.org/web/20260121195004/https://www.oig.dhs.gov/sites/default/files/assets/2020-09/OIG-20-71-Sep20.pdf |archive-date=21 Jan 2026}}</ref>


In 2025 it has been discovered that the cameras run [[wikipedia:Android_Oreo|Android 8.0 (Oreo)]] an operating system with 90 security vulnerabilities.  The cameras also send data unencrypted and are easily tricked by stingrays.  The compute boxes have easily accessible USB-c ports leaving the device vulnerable to rubber duckies.  When the power button is pressed in a specific order the device emits a Wi-Fi hotspot that can be used to gain adb access.<ref>{{Cite web |last=Benn |first=Jordan |date=2025-11-16 |title=We Hacked Flock Safety Cameras in under 30 Seconds. |url=https://www.youtube.com/watch?v=uB0gr7Fh6lY |website=YouTube |archive-url=https://preservetube.com/watch?v=uB0gr7Fh6lY |archive-date=23 Feb 2026}}</ref>
In 2025 it has been discovered that the cameras run [[wikipedia:Android_Oreo|Android 8.0 (Oreo)]] an operating system with 90 security vulnerabilities.  The cameras also send data unencrypted and are easily tricked by stingrays.  The compute boxes have easily accessible USB-c ports leaving the device vulnerable to rubber duckies.  When the power button is pressed in a specific order the device emits a Wi-Fi hotspot that can be used to gain [[wikipedia:Android_Debug_Bridge|ADB]] access.<ref>{{Cite web |last=Benn |first=Jordan |date=2025-11-16 |title=We Hacked Flock Safety Cameras in under 30 Seconds. |url=https://www.youtube.com/watch?v=uB0gr7Fh6lY |website=YouTube |archive-url=https://preservetube.com/watch?v=uB0gr7Fh6lY |archive-date=23 Feb 2026}}</ref>


==Government accountability and oversight==
==Government accountability and oversight==
Retrieved from "https://consumerrights.wiki/w/Flock_license_plate_readers"