Executive Summary
In January 2026, Flock, a prominent provider of AI-enabled surveillance technologies, faced a significant cybersecurity incident due to a cloud misconfiguration. Unauthorized online access was discovered, revealing live video streams from Flock’s advanced Condor pan-tilt-zoom cameras deployed in public areas and private properties. These cameras, designed for AI-driven facial and movement tracking, unintentionally exposed high-resolution footage of civilians—including children—across multiple locations, highlighting considerable privacy and operational risks. No evidence suggests the exposure was caused by active exploitation; instead, the open access points were a direct result of insufficient cloud security controls and misapplied access permissions. The incident triggered regulatory and public concern around surveillance, data protection, and compliance obligations, emphasizing the criticality of proper cloud configurations in the era of AI-driven physical security systems.
This breach is indicative of a broader rise in cloud infrastructure misconfigurations exposing sensitive, AI-powered surveillance data. Regulatory agencies and industry groups are increasing pressure on technology vendors to enforce robust controls, with cloud and IoT security now considered foundational to protecting physical as well as digital environments.
Why This Matters Now
As AI-enabled surveillance tools rapidly expand into public and private spaces, misconfigurations in cloud deployments can cause widespread privacy breaches and regulatory violations. The Flock incident exemplifies urgent gaps in cloud visibility, access governance, and data protection, underscoring the immediate need for robust zero trust strategies across cloud-native deployments.
Attack Path Analysis
Attackers discovered exposed, internet-accessible Flock Condor camera streams due to misconfigured cloud privacy or authentication settings. Without proper access controls, they obtained direct surveillance feed access, potentially escalating privileges if management consoles or APIs were misconfigured. Lateral movement within the cloud environment could occur if broader permissions or network access allowed attackers to discover other sensitive feeds or services. Attackers may have established persistence for ongoing surveillance or data extraction via the command and control stage. Sensitive video data could be exfiltrated through outbound channels to external infrastructure. The ultimate impact was unauthorized mass surveillance, privacy violations, and possible downstream abuse of collected images and video data.
Kill Chain Progression
Initial Compromise
Description
Attackers accessed Flock Condor camera streams exposed to the internet due to misconfigured cloud controls or absent authentication, enabling unauthorized surveillance feed viewing.
Related CVEs
CVE-2025-59407
CVSS 9.8
Hardcoded credentials in Flock Safety's Condor cameras allow unauthorized access to live and recorded video feeds.
Affected Products:
Flock Safety Condor PTZ Camera – All versions up to December 2025
Exploit Status:
exploited in the wild
CVE-2025-47823
CVSS 9.1
Hardcoded Wi-Fi credentials in Flock Safety's Condor cameras enable unauthorized network access.
Affected Products:
Flock Safety Condor PTZ Camera – All versions up to December 2025
Exploit Status:
exploited in the wild
MITRE ATT&CK® Techniques
Network Service Scanning
Exploit Public-Facing Application
Modify Authentication Process
Valid Accounts
Account Discovery
Data from Cloud Storage Object
Brute Force
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Restrict Public Access to System Components
Control ID: 7.2.3
NYDFS 23 NYCRR 500 – Encryption of Nonpublic Information
Control ID: 500.15
DORA – ICT Security and Risk Management
Control ID: Art. 10(2)
CISA ZTMM 2.0 – Least Privilege Access Enforcement
Control ID: 3.2.1
NIS2 Directive – Incident Handling Procedures
Control ID: Art. 21(2)(d)
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Public Safety
Cloud misconfiguration exposes AI surveillance systems, compromising public monitoring capabilities and creating visibility gaps in law enforcement operations.
Government Administration
Exposed Flock surveillance cameras reveal municipal security infrastructure vulnerabilities, threatening public safety programs and citizen privacy protections.
Security/Investigations
AI-enabled camera exposure undermines private security operations, compromising client surveillance capabilities and creating operational security risks.
Real Estate/Mortgage
Surveillance system breaches in commercial properties expose tenant monitoring systems, creating liability issues and property security vulnerabilities.
Sources
- Flock Exposes Its AI-Enabled Surveillance Cameras: https://www.schneier.com/blog/archives/2026/01/flock-exposes-its-ai-enabled-surveillance-cameras.html (Verified)
- Flock Safety Hardcoded 53 Passwords in Police Cameras: https://byteiota.com/flock-safety-hardcoded-53-passwords-in-police-cameras/ (Verified)
- Lawmakers say stolen police logins are exposing Flock surveillance cameras to hackers: https://techcrunch.com/2025/11/03/lawmakers-say-stolen-police-logins-are-exposing-flock-surveillance-cameras-to-hackers/ (Verified)
- Update on Limited Condor Device Configuration Issue: https://www.flocksafety.com/blog/update-on-limited-condor-device-configuration-issue (Verified)
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Comprehensive Zero Trust controls—encompassing cloud segmentation, workload isolation, encrypted traffic enforcement, visibility, and strict egress filtering—would have blocked initial unauthorized access, limited privilege escalation, contained lateral movement, and prevented data exfiltration, thus mitigating privacy impact.
Control: Zero Trust Segmentation
Mitigation: Unauthorized internet access to surveillance feeds is blocked.
Control: Zero Trust Segmentation
Mitigation: Lateral privilege gains within cloud camera infrastructure are prevented.
Control: East-West Traffic Security
Mitigation: Movement between workloads and data planes is contained and monitored.
Control: Threat Detection & Anomaly Response
Mitigation: Malicious and anomalous control-plane activities are detected and flagged.
Control: Egress Security & Policy Enforcement
Mitigation: Outbound data transfers to unauthorized destinations are blocked or flagged.
Organizational and regulatory impact from systemic misconfigurations is greatly reduced.
Impact at a Glance
Affected Business Functions
- Surveillance Operations
- Public Safety Monitoring
Estimated downtime: 7 days
Estimated loss: $500,000
Unauthorized access to live and recorded video feeds, including sensitive footage of public areas and individuals.
Recommended Actions
Key Takeaways & Next Steps
- Enforce Zero Trust Segmentation policies to ensure cloud camera feeds and management planes are only accessible to explicitly authorized users and systems.
- Implement robust East-West Traffic Security to prevent lateral movement between camera devices, workloads, and sensitive cloud resources.
- Apply comprehensive Egress Security controls to tightly monitor and restrict outbound data transfer from surveillance services to external locations.
- Leverage real-time Threat Detection & Anomaly Response to rapidly identify and contain unauthorized access, usage spikes, or suspicious automation.
- Continuously monitor for cloud misconfigurations with a distributed Cloud Native Security Fabric to automatically remediate unauthorized exposures.



