My Flock Safety independent security research has reached the point where it felt necessary to compile it all into a formal white paper and statement. Moving forward, all vulnerabilities will be added first to this white paper during the responsible disclosure embargo.
Finding 67 Flock Safety Live PTZ Camera/LPR Feeds and Debug Web Interfaces accidentally exposed without authentication to the internet
How I took a security researcher's initial discovery and found another 63 instances of Flock Safety Camera Feeds and Debug Web Service exposed unauthenticated to the internet. Also learn how it ended up being exposed to the internet and how to ensure it doesn't happen to you.
Introducing LeakScope
An all-in-one Shodan & ZoomEye supported tool to search, browse, preview and dump data leakage across 20+ services. Pulls real exposure straight from the sources instead of guessing. Drop it into your workflow and watch it surface leaks you won't find anywhere else.
BirdEye
A TensorFlow Lite harness I threw together for some security research in regard to my long-running Bird Hunting Season project!
Addition to the $150 Private LTE Network
The first addition, an awesome 4G LTE router that runs a flavor of OpenWRT, anti-forensics blue merle plugin and supports CBRS bands (aka the $150 private LTE network). First documented case of this being supported!
Setting up your own 4G LTE Network (<$150) for your Embedded System & IoT Hacking Lab via Open5GS + CBRS eNodeB on Ubuntu 24.04
Step-by-step instructions for setting up your own private LTE network for cheap, great for home labs, hacking and penetration testing.
Button Presses to Wireless RCE: Shell on Flock Safety’s License Plate Cameras Over Wi-Fi
A combination of reused default passwords, hidden triggers, and completely unauthenticated APIs results in reliable wireless RCE, data disclosure, and device control in the field on Flock Safety's License Plate Readers.
Fly-By – Device 2: The Falcon/Sparrow – Gated Wireless RCE, Camera Feed, DoS, Information Disclosure and More
Covering the next batch of disclosures in regard to my Flock Safety security research.
Root from the Coop – Device 3: Root Shell on Flock Safety’s Picard/Bravo Compute Box
Covering the newest and likely rarest of Flock's devices I've had the chance to get my hands on. In this case, it's an (edge) Compute Box. Much newer, harder than the other stuff, and with its own huge set of challenges. Come see how little I've explored this device and how to get root on it so you can start diving in too!
Roadside to Everyone – Intelligent Traffic Systems (ITS) Research – Kapsch TrafficCom AG (C)V2X Roadside Units (RSU)
I will keep this article brief as I still owe a full disclosure article walking through what was covered in my Phrack Article 'Roadside to Everyone (R2E) Phase 1: Physical & Local Vulnerabilities in (C)V2X RSUs'. This will include more pictures, some deeper explanations of the vulnerabilities, etc. For now I just wanted to …








