Flock Safety Gunshot Detection Devices Hard-Coded Password Vulnerability
Vulnerability
A vulnerability exists in Flock Safety's gunshot detection devices, prior to version 1.3, due to a hard-coded password for establishing connections. This issue, categorized under CWE-798 and CWE-259, requires physical access to the device and knowledge of its debugging interface to exploit. However, even with physical access, the vulnerability does not allow access to recorded footage, as data is only temporarily stored on the device before being transmitted to the cloud, where it is encrypted and retained for 30 days.
Impact
The vulnerability involves hard-coded credentials and connection details, which could be exploited by a person who gains physical access to the device.
Remediation
Flock Safety will address this vulnerability through over-the-air updates and improved factory settings for new devices, starting in Q2 2025.
