Big Brother Left the Door Open: Flock’s AI Surveillance Cameras Exposed to the Internet

Kate Garibaldi

Illustration of a red surveillance camera between two blue eye icons, set against a background of digital binary code, symbolizing digital surveillance and data monitoring.

A series of investigative reports sent shockwaves through the tech and privacy communities when it was revealed that dozens of Flock Safety’s AI‑powered surveillance cameras were left streaming live footage to the open internet, unprotected and accessible to anyone who knew where to look.

What initially appeared to be a narrow technical misconfiguration soon came to symbolize deeper concerns about the rapid deployment of private surveillance systems in public spaces, corporate oversight, and the balance between crime‑fighting and civil liberties.

To put it into perspective, researchers estimate that there are 80,000 or more Flock cameras currently deployed, including automated license plate readers, pan‑tilt‑zoom surveillance units, mobile devices, and third‑party integrated cameras connected to Flock’s systems, yet many citizens are not even aware of these devices’ existence.

At the center of the controversy is Flock Safety, a company that has quietly built one of the most expansive private surveillance networks in the United States, with cameras installed in thousands of towns and cities. Critics now say that the recent exposure highlights how easily these systems can compromise privacy and trust when security is treated as an afterthought.

What Are Flock Cameras and How Widespread Are They?

Flock Safety, founded in 2017 by Georgia Tech alumni, is best known as a manufacturer and operator of automated license plate readers (ALPR), video surveillance equipment, and gunfire detection sensors. The company’s products are marketed primarily to law enforcement agencies, neighborhood associations, private property owners, and municipalities. According to its own disclosures, Flock operates in more than 5,000 communities across 49 states, capturing billions of vehicle scans per month.

While ALPRs photograph and index vehicle license plates for law enforcement leads, Flock’s Condor pan‑tilt‑zoom (PTZ) cameras represent a larger step into continuous video surveillance of people and places. These Condor units are capable of automatically tracking individuals and vehicles, zooming in on faces or movements as subjects traverse public areas such as parking lots, bike paths, or playgrounds. Unlike static license plate cameras, Condor cameras can be manually controlled or configured to use artificial intelligence to follow motion and focus on subjects of interest.

This broad and growing surveillance footprint has been applauded by some police departments as a valuable investigative tool and criticized by privacy advocates as a pervasive surveillance apparatus that operates largely outside traditional public oversight.

The Exposure: Cameras Streaming to Anyone Online

The first public sign of trouble came with a detailed investigation by 404 Media, corroborated by technologist and YouTube creator Benn Jordan and security researcher Jon “GainSec” Gaines, which found that at least 60 of Flock’s Condor PTZ cameras were publicly accessible on the open internet without any authentication. This meant that anyone with a modern browser and basic technical knowledge could view live footage, access archived video going back 30 days, and, in some cases, interact with administrative controls normally reserved for authorized operators.

One of the most striking scenes from the reporting came from Bakersfield, California, where a 404 Media reporter watched himself in real time on his phone as a Flock camera recorded and livestreamed him standing in the street without any password requirement. The same exposed feed was viewable by the reporter’s colleagues hundreds of miles away through the uncovered link.

The investigation documented how exposed Condor cameras captured people walking dogs on suburban bike paths, shoppers moving through parking lots, children swinging on playground sets, and even rollerbladers moving along public greenways. In one striking instance, researchers watched a man rollerblading down Brookhaven, Georgia’s Peachtree Creek Greenway, with the camera automatically zooming in on him. Minutes later, that same individual appeared on another exposed camera further along the path, illustrating both the mobility of surveillance and the resolution of the footage.

The accessibility of these cameras underscored the very human stakes of the story. In some cases, researchers watched unattended children at public playgrounds, parents and caregivers going about their routines, and individuals in mundane, everyday situations. According to reporting, none of the livestreams were encrypted, and no login was required to access either the live feeds or the stored videos. An exposed camera could easily be used to identify people by their faces or license plates, raising serious concerns about personal privacy and the potential for misuse of the footage.

What made the exposure more alarming was not just the live feeds but the administrative access available to anyone who found these streams. Some cameras’ control panels allowed the viewer to change camera settings, run system diagnostics, view internal log files, and download months of archived footage, all without a username or password.

How the Cameras Were Found

The exposed cameras came to light through the use of Shodan, a search engine that indexes internet-connected devices. Researchers used Shodan to locate public IP addresses associated with Flock’s Condor cameras that were misconfigured to accept traffic from the open internet. From there, the investigative team verified their findings by visiting the physical camera locations and observing themselves or colleagues live on the unsecured feeds.

This method highlights a broader cybersecurity problem: any internet-connected device without proper security controls, whether a surveillance camera, baby monitor, or industrial system, can be indexed and accessed by unauthorized users if misconfigured.

Company Response and Claims of a Misconfiguration

In response to inquiries, Flock Safety characterized the incident as a limited misconfiguration affecting a small number of devices and stated that the problem had since been corrected. The company told reporters that the exposure was not the result of a hacking incident and that its cloud infrastructure had not been compromised. Flock declined to provide deeper technical details about the flaw or the underlying causes of the exposures, and did not say how many cameras were affected in total.

Critics have questioned both the vagueness of the company’s explanation and the absence of a comprehensive public disclosure, suggesting that the incident reveals systemic weaknesses in oversight, device hardening procedures, and internal security practices.

Not an Isolated Problem: Broader Flock Safety Concerns

The camera exposure occurred amid other controversies surrounding Flock Safety. Back in August, ranking member of the House Oversight Committee Robert Garcia (D-CA) initiated an investigation into Flock Safety over reports and cases in which its ALPR system was used by law enforcement to “track women across state lines following abortion care and to conduct unauthorized immigration enforcement operations.”

“On May 9, 2025, an officer from the Johnson County Sheriff’s Office in Texas provided “had an abortion, search for female” as his reason for using Flock’s ‘National Lookup’ feature to search automatic license plate reader data captured across multiple states. This search reportedly covered 6,809 Flock networks, or more than 83,000 cameras,” Garcia’s letter sent to the FTC states.

Additionally, in Texas, the Department of Public Safety (DPS) launched an investigation into the company’s operations over claims that it had operated certain cameras without a required private security license. According to local reporting, Flock’s license had lapsed because the company failed to maintain proof of required liability insurance, and although a new license was subsequently issued, the situation raised questions about whether the company complied with state regulatory requirements for private security operations while cameras were installed and active in public spaces. DPS officials have continued their review, even as Flock described the issue as an administrative matter that has since been resolved.

Beyond licensing issues, earlier reporting by 404 Media also exposed that Flock may have relied on overseas contract workers to review and classify surveillance footage as part of its AI training processes, raising additional questions about who has access to sensitive data and how that labor is managed across borders.

Long before the recent exposure, Flock Safety had been at the center of privacy and legal debates. In Washington state, a judge ruled that images captured by Flock cameras constitute public records, potentially subjecting them to disclosure under state transparency laws, further complicating how agencies and private citizens interact with the data. Privacy advocates have also raised concerns about how Flock’s data is stored, shared, and potentially integrated with law enforcement databases.

Meanwhile, in November, Congressman Raja Krishnamoorthi (D-IL) and Senator Ron Wyden (D-OR) formally called for an FTC investigation into Flock Safety for “for failing to implement cybersecurity protections, allowing Americans’ personal data to be exposed for hackers, criminals, and spies to steal.”

The exposure of Flock cameras to the open internet has galvanized calls from civil liberties organizations, technologists, and lawmakers for stronger oversight, independent security audits, public reporting requirements, and clearer legal frameworks to govern surveillance technologies. These reforms would aim to ensure that surveillance systems are not only effective in their stated public safety roles but also secure, transparent, and respectful of individuals’ privacy rights.

Whether this controversy will prompt meaningful policy changes or result in industry-wide reevaluation remains to be seen. But as Americans witness the vulnerabilities of digital surveillance infrastructure, the debate over how to balance innovation, security, and civil liberties in the 21st century is only growing louder.

Image credits: Header photo licensed via Depositphotos.

,
, , , , ,
PetaPixel articles may include affiliate links; if you buy something through such a link, PetaPixel may earn a commission.
Related Articles
An in-van Amazon surveillance camera clip Amazon Driver In-Van Surveillance Videos are Leaking Online
world first object detection ochestra The World’s First Orchestra Played Entirely by AI Surveillance Cameras
jaywalking china surveillance China Uses AI Camera to Capture Jaywalkers and Publicly Shame Them
Surveillance systems in public housing ‘Big Brother’ is Using Advanced Camera Tech and AI to Target the Poor
Discussion