Flock Hardcoded the Password for America's Surveillance Infrastructure 53 Times
A security researcher discovered that Flock Safety, a company providing surveillance infrastructure to law enforcement, hardcoded an API key into its public-facing JavaScript bundles. This key granted unrestricted access to Flock's ArcGIS mapping environment, which consolidates sensitive data including license plate detections, patrol car locations, and surveillance camera feeds from thousands of agencies nationwide. The vulnerability was exposed across 53 separate endpoints, potentially compromising the privacy and security of the data aggregated by Flock Safety's extensive network. AI
IMPACT Highlights potential security risks in AI-adjacent infrastructure used for data aggregation and analysis.