I am standing on the corner of Harris Road and Young Street outside of the Crossroads Business Park in Bakersfield, California, looking up at a Flock surveillance camera bolted high above a traffic signal. On my phone, I am watching myself in real time as the camera records and livestreams me—without any password or login—to the open internet. I wander into the intersection, stare at the camera and wave. On the livestream, I can see myself clearly. Hundreds of miles away, my colleagues are remotely watching me too through the exposed feed.
Flock left livestreams and administrator control panels for at least 60 of its AI-enabled Condor cameras around the country exposed to the open internet, where anyone could watch them, download 30 days worth of video archive, and change settings, see log files, and run diagnostics.
Archive: http://archive.today/IWMKe
Again? How insecure are these things? I am honestly wondering how easy it would be to get into one and shut down the entire system.
Install a hardware-frying virus on it
I studied coding for a while (and it has been a while since I punched in code), but I never coded a virus. I am hesitant to ask an LLM to do it since I have no idea if it’ll work, and I also need to test it to see if it works first. Not sure if I have any sacrificial electronics to do that.
It’s obvious that these guys are fucking amateur hour Techbros, running this shitshow as they have. I don’t doubt they’re underpaying and undertraining the contractors they hire to install these things.
If anything, they might have written most of the infrastructure using LLMs. It’s easier for vibecode to forget about security because LLMs often forget context or hyperfixate on the wrong features.