Flock license plate readers: Difference between revisions

Line 131:

==Security vulnerabilities==

In 2025, Flock Safety reported security vulnerabilities in its devices and submitted them to MITRE for inclusion in the National Vulnerability Database, including issues such as hard-coded credentials and improper access controls.<ref>{{Cite web |title= |url=https://www.flocksafety.com/blog/gunshot-detection-and-license-plate-reader-security-alert}}</ref><ref>{{Cite web |title= |url=https://www.cvedetails.com/cve/CVE-2025-59403/}}</ref> Similar security concerns have affected other ALPR systems, including exposure of default passwords and unencrypted data storage.<ref name=":4">{{Cite web |last=Quintin |first=Cooper |date=28 Oct 2015 |title=License Plate Readers Exposed! How Public Safety Agencies Responded to Major Vulnerabilities in Vehicle Surveillance Tech |url=https://www.eff.org/ur/deeplinks/2015/10/license-plate-readers-exposed-how-public-safety-agencies-responded-massive |website=Electronic Frontier Foundation}}</ref>

In 2025, Flock Safety reported security vulnerabilities in its devices and submitted them to MITRE for inclusion in the National Vulnerability Database, including issues such as hard-coded credentials and improper access controls.<ref>{{Cite web |date=2025-05-05 |title=Gunshot Detection and License Plate Reader Security Alert |url=https://www.flocksafety.com/blog/gunshot-detection-and-license-plate-reader-security-alert |website=Flock Safety}}</ref><ref>{{Cite web |date=2025-10-02 |title=CVE-2025-59403 : The Flock Safety Android Collins application (aka com.flocksafety.android.collin |url=https://www.cvedetails.com/cve/CVE-2025-59403/ |website=CVEdetails.com}}</ref> Similar security concerns have affected other ALPR systems, including exposure of default passwords and unencrypted data storage.<ref name=":4">{{Cite web |last=Quintin |first=Cooper |date=28 Oct 2015 |title=License Plate Readers Exposed! How Public Safety Agencies Responded to Major Vulnerabilities in Vehicle Surveillance Tech |url=https://www.eff.org/ur/deeplinks/2015/10/license-plate-readers-exposed-how-public-safety-agencies-responded-massive |website=Electronic Frontier Foundation}}</ref>

This represents one of several major security disclosures in the past decade. In 2015, the Electronic Frontier Foundation documented more than 100 ALPR cameras accessible on the open internet, often without passwords or proper configuration.<ref name=":4" /> A more serious documented breach occurred in 2019, when Perceptics, LLC, a subcontractor for U.S. Customs and Border Protection, exposed approximately 105,000 license plate images and 184,000 traveler facial images.<ref>{{Cite web |title= |url=https://www.oig.dhs.gov/sites/default/files/assets/2020-09/OIG-20-71-Sep20.pdf}}</ref>

This represents one of several major security disclosures in the past decade. In 2015, the Electronic Frontier Foundation documented more than 100 ALPR cameras accessible on the open internet, often without passwords or proper configuration.<ref name=":4" /> A more serious documented breach occurred in 2019, when Perceptics, LLC, a subcontractor for U.S. Customs and Border Protection, exposed approximately 105,000 license plate images and 184,000 traveler facial images.<ref>{{Cite web |title=Review of CBP's Major Cybersecurity Incident During a 2019 Biometric Pilot |url=https://www.oig.dhs.gov/sites/default/files/assets/2020-09/OIG-20-71-Sep20.pdf}}</ref>

==Government accountability and oversight==

@@ Line 131: / Line 131: @@
 ==Security vulnerabilities==
-In 2025, Flock Safety reported security vulnerabilities in its devices and submitted them to MITRE for inclusion in the National Vulnerability Database, including issues such as hard-coded credentials and improper access controls.<ref>{{Cite web |title= |url=https://www.flocksafety.com/blog/gunshot-detection-and-license-plate-reader-security-alert}}</ref><ref>{{Cite web |title= |url=https://www.cvedetails.com/cve/CVE-2025-59403/}}</ref>  Similar security concerns have affected other ALPR systems, including exposure of default passwords and unencrypted data storage.<ref name=":4">{{Cite web |last=Quintin |first=Cooper |date=28 Oct 2015 |title=License Plate Readers Exposed! How Public Safety Agencies Responded to Major Vulnerabilities in Vehicle Surveillance Tech |url=https://www.eff.org/ur/deeplinks/2015/10/license-plate-readers-exposed-how-public-safety-agencies-responded-massive |website=Electronic Frontier Foundation}}</ref>
+In 2025, Flock Safety reported security vulnerabilities in its devices and submitted them to MITRE for inclusion in the National Vulnerability Database, including issues such as hard-coded credentials and improper access controls.<ref>{{Cite web |date=2025-05-05 |title=Gunshot Detection and License Plate Reader Security Alert |url=https://www.flocksafety.com/blog/gunshot-detection-and-license-plate-reader-security-alert |website=Flock Safety}}</ref><ref>{{Cite web |date=2025-10-02 |title=CVE-2025-59403 : The Flock Safety Android Collins application (aka com.flocksafety.android.collin |url=https://www.cvedetails.com/cve/CVE-2025-59403/ |website=CVEdetails.com}}</ref>  Similar security concerns have affected other ALPR systems, including exposure of default passwords and unencrypted data storage.<ref name=":4">{{Cite web |last=Quintin |first=Cooper |date=28 Oct 2015 |title=License Plate Readers Exposed! How Public Safety Agencies Responded to Major Vulnerabilities in Vehicle Surveillance Tech |url=https://www.eff.org/ur/deeplinks/2015/10/license-plate-readers-exposed-how-public-safety-agencies-responded-massive |website=Electronic Frontier Foundation}}</ref>
-This represents one of several major security disclosures in the past decade. In 2015, the Electronic Frontier Foundation documented more than 100 ALPR cameras accessible on the open internet, often without passwords or proper configuration.<ref name=":4" /> A more serious documented breach occurred in 2019, when Perceptics, LLC, a subcontractor for U.S. Customs and Border Protection, exposed approximately 105,000 license plate images and 184,000 traveler facial images.<ref>{{Cite web |title= |url=https://www.oig.dhs.gov/sites/default/files/assets/2020-09/OIG-20-71-Sep20.pdf}}</ref>
+This represents one of several major security disclosures in the past decade. In 2015, the Electronic Frontier Foundation documented more than 100 ALPR cameras accessible on the open internet, often without passwords or proper configuration.<ref name=":4" /> A more serious documented breach occurred in 2019, when Perceptics, LLC, a subcontractor for U.S. Customs and Border Protection, exposed approximately 105,000 license plate images and 184,000 traveler facial images.<ref>{{Cite web |title=Review of CBP's Major Cybersecurity Incident During a 2019 Biometric Pilot |url=https://www.oig.dhs.gov/sites/default/files/assets/2020-09/OIG-20-71-Sep20.pdf}}</ref>
 ==Government accountability and oversight==