Learn More

1
2
3

Table of Contents

Click any of the items below to jump to that section

  1. Cybersecurity Concerns
  2. Is Flock Effective?
  3. Transparency

1. Cybersecurity Concerns

Thanks to independent researchers who took it upon themselves to ethically hack offline Flock devices, we have some insight into the security measures (or lack-therof) that Flock has gone to to protect the vast amount of personal data they collect on Americans. Below are some highlights from the published research report[1] and a video by another researcher, Benn Jordan[2] covering it, as well as Flock's official response.

The first half of the video shows a detailed account of some of the most basic security vulnerabilities found in the Flock systems, as well as demonstrates that their claims about image deletion and encryption are blatantly false. These are not small issues that can be fixed with guardrails or use-policies. In fact, Flock's security is so lacking that Oregon Senator Ron Wyden is urging the FTC to investigate Flock for "needlessly exposing Americans' personal data to theft by hackers, foreign spies, and criminals."[3]

Here are some highlights from the report:

This level of security is a joke and is a testament to a fundamental lack of organizational respect for the security and privacy of customer and public data.

Flock acknowledged and responded on their blog in May 2025[4] to the initial public disclosure from the researchers and in Nov 2025[5] to the published report. They made no attempt to discredit the research, thus legitimizing it and showing us that we can trust the information. The posts were mostly typical corporate speak but a few things stood out. The below quote, which appears in bold text on their blog, really speaks to their priorities:

"Overall, none of the vulnerabilities detailed in the report have an impact on our customers' ability to carry out their public safety objectives."[4]

Members of the general public, the ones who stand to lose the most in the event of a security breach at Flock, are not customers of Flock. So long as the customers (government agencies and private businesses) don't lose access to their tracking tools, everything else is an afterthought. But even then, one of the vulnerabilities was possible remote control by a bad actor, so their statement isn't even true. They blatantly lied to their customers.

Flock also tried to downplay the vulnerabilities in their blog posts, but they offered some weak examples:

"Exploitation of these vulnerabilities would... require physical access to a device...[4] typically placed on a pole several feet above normal height."[5]

LPR cameras are left unattended on the side of the road. It's reasonable to expect that anyone can get physical access to these devices, no Mission Impossible stunts required. Unless you consider ladders to require specialized skill and access.

2. Is Flock Effective?

coming soon

3. Transparency

the wayback machine flock url error: sorry, this url has been excluded from the wayback machine

coming soon

References

  1. Gaines, Jon; Cohen, Joseph (11-05-2025). "Examining the Security Posture of an Anti-Crime Ecosystem." zenodo.
  2. Jordan, Benn (11-15-2025). "We Hacked Flock Safety Cameras in under 30 Seconds." YouTube.
  3. "Wyden, Krishnamoorthi Urge FTC to Investigate Surveillance Tech Company on Negligently Handling Americans' Personal Data." senate.gov
  4. "Response to Compiled Security Research on Flock Safety Devices." Flock Safety.
  5. "Gunshot Detection and License Plate Reader Security Alert." Flock Safety.