- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
This must not be allowed to continue! I just do not have the words for this.
You must log in or # to comment.
Flock is a disgrace for the technology and innovation section.
And governments just like it way too much. Do with your tax money govements are paying these companies a lot of money so they can track you again. It’s insane and I don’t believe this should be legal.
My former coworker left to work at Flock in their R&D department and every time I see Flock popup I check his LinkedIn to see if he’s still there and hyup. I didn’t take him for the type, but I mean as recently as a month ago he was praising them.
Praising the company or praising the paycheck.
I new product he helped release. So the former.
Lot of mixed feelings from this video. Author doesn’t seem to know you can also do the exact same thing with any other HikVision camera too. I was pulling (at least one) month-old feeds back in July from generic cameras using default credentials. Definitely seems like a configuration issue to not require any at all. Given the sheer amount of these (there’s a lot in my area), why could the author only find 60 feeds? Also none of these are responding to HTTP requests anymore as I have tried all links from his shodan query.
This is a much wider issue. So many people leave the default password on devices. I once installed an automatic gate with a pushbutton keypad at an airport and they wanted me to leave the default password of 0000 because it was easy to remember. I argued with them for 10 min, but they had the programming instructions and the airport manager straight up told me he’d just do it himself after I left, so I imagine that’s what happened because he seemed pretty thick and didn’t think that was an issue at all.
you can also do the exact same thing with any other HikVision camera too
Most people that install security cameras don’t directly connect them to the internet like this. A company that’s installing them at scale should be aware of this.
using default credentials
Modern Hikvision and Dahua cameras don’t have a default password. They require you to set a strong password during initial setup.
In general, a lot of electronics have moved away from generic default passwords, as many jurisdictions ban them now. Any modern device should either require you to set the password during initial setup, or have a randomly-generated password printed on a sticker under the device.
The device you found was either a very old one, or one where the owner intentionally set a basic password.
The author does know - I guarantee it. The author wasn’t claiming that this is an unique issue to Flock cameras, but rather that the folks behind the Flock cameras are negligent and creating an unsafe environment (among orher things)
There’s a huge difference between someone putting a webcam on their house for personal security and an AI driven face tracking camera that purposefully records every person that wanders into its field of vision being setup in a public park and on every street corner in the country.
Are HikVision cameras being used to surveil people on a level never before seen in this country? Serious question, I truly don’t know…
It’s all well and good to prove someone wrong, and it seems you’ve done this with only one of his arguments but only partially. It seems a safe argument that security ought to be default for something that gets placed anywhere and everywhere. He should never have been able to make that video due to the high quality of the security of the devices.
This is a video about Flock cameras, it shouldn’t be surprising that they didn’t talk about some other brand.
