This Flock Camera Leak is like Netflix For Stalkers

ɔiƚoxɘup@beehaw.org · 9 hours ago

This Flock Camera Leak is like Netflix For Stalkers

Zikeji@programming.dev · 8 hours ago

My former coworker left to work at Flock in their R&D department and every time I see Flock popup I check his LinkedIn to see if he’s still there and hyup. I didn’t take him for the type, but I mean as recently as a month ago he was praising them.

northendtrooper@lemmy.ca · 4 hours ago

Praising the company or praising the paycheck.

Zikeji@programming.dev · 3 hours ago

I new product he helped release. So the former.

hodgepodgin@lemmy.zip · edit-2 8 hours ago

Lot of mixed feelings from this video. Author doesn’t seem to know you can also do the exact same thing with any other HikVision camera too. I was pulling (at least one) month-old feeds back in July from generic cameras using default credentials. Definitely seems like a configuration issue to not require any at all. Given the sheer amount of these (there’s a lot in my area), why could the author only find 60 feeds? Also none of these are responding to HTTP requests anymore as I have tried all links from his shodan query.

apotheotic (she/her)@beehaw.org · 3 hours ago

The author does know - I guarantee it. The author wasn’t claiming that this is an unique issue to Flock cameras, but rather that the folks behind the Flock cameras are negligent and creating an unsafe environment (among orher things)

Bad_Engineering@fedia.io · 4 hours ago

There’s a huge difference between someone putting a webcam on their house for personal security and an AI driven face tracking camera that purposefully records every person that wanders into its field of vision being setup in a public park and on every street corner in the country.

dan@upvote.au · edit-2 3 hours ago

you can also do the exact same thing with any other HikVision camera too

Most people that install security cameras don’t directly connect them to the internet like this. A company that’s installing them at scale should be aware of this.

using default credentials

Modern Hikvision and Dahua cameras don’t have a default password. They require you to set a strong password during initial setup.

In general, a lot of electronics have moved away from generic default passwords, as many jurisdictions ban them now. Any modern device should either require you to set the password during initial setup, or have a randomly-generated password printed on a sticker under the device.

The device you found was either a very old one, or one where the owner intentionally set a basic password.