Lawmakers have known as on the Federal Commerce Fee to analyze Flock Security, an organization that operates license plate scanning cameras, for allegedly failing to implement cybersecurity protections that expose its digital camera community to hackers and spies.
In a letter despatched by Sen. Ron Wyden (D-OR) and Rep. Raja Krishnamoorthi (D-IL, eighth), the lawmakers urge FTC Chairman Andrew Ferguson to probe why Flock doesn’t implement using multi-factor authentication (MFA), a safety safety that stops malicious entry by somebody with information of the account holder’s password.
Wyden and Krishnamoorthi stated that whereas the corporate presents its legislation enforcement clients the power to allow MFA, “Flock doesn’t require it, which the corporate confirmed to Congress in October,” in line with the letter.
Wyden and Krishnamoorthi stated that if hackers or international spies be taught of a legislation enforcement consumer’s password, “they will acquire entry to law-enforcement-only areas of Flock’s web site and search the billions of pictures of Individuals’ license plates collected by taxpayer-funded cameras throughout the nation.”
Flock operates one of many largest networks of cameras and license plate readers within the U.S., offering entry to greater than 5,000 police departments, in addition to non-public companies, throughout the nation. Flock’s cameras scan the license plates of passing autos in order that police and federal companies with logins to Flock’s platform can search the billions of captured pictures and observe the place autos have traveled at any given time.
The lawmakers stated that that they had discovered proof that a few of Flock’s legislation enforcement clients’ logins had been beforehand stolen and shared on-line, citing information from Hudson Rock, a cybersecurity firm that identifies usernames and passwords stolen by information-stealing malware.
Impartial safety researcher Benn Jordan additionally supplied the lawmakers with a screenshot displaying a Russian cybercrime discussion board allegedly promoting entry to Flock logins.
When reached by TechCrunch for remark, Flock shared the corporate’s response in a letter from its chief authorized officer Dan Haley, through which he says the corporate switched on MFA by default for all new clients beginning in November 2024, and that 97% of its legislation enforcement clients have enabled MFA thus far.
That leaves round 3% of the corporate’s clients — doubtlessly dozens of legislation enforcement companies — which have declined to modify on MFA, citing “causes particular to them,” Haley wrote.
Holly Beilin, a spokesperson for Flock, didn’t instantly present a selected variety of legislation enforcement clients that haven’t but switched on MFA, say if any federal companies are among the many remaining clients, or for what motive Flock doesn’t require its clients to modify on the safety function.
404 Media beforehand reported that the U.S. Drug Enforcement Administration used an area police officer’s password to entry Flock’s cameras to seek for a person suspected of an “immigration violation,” however with out the officer’s information. The Palos Heights Police Division stated it switched on multi-factor authentication following the breach.
{content material}
Supply: {feed_title}