Traffic camera & # 39; s security breach exposes information about 8.6 MILLION car journeys tied to individual license plates
- Cybersecurity researchers discovered a major mistake in a traffic camera database
- They were able to access the records of every car searched by traffic cameras in Sheffield, England by entering an IP address in a web browser
- The database contained information on 8.6 million trips
- The records included license plate information, time of day and location data
A few cybersecurity researchers have discovered a major breach in a database of traffic cameras, with license plate and travel details stemming from more than 8.6 million car trips.
The violation included the Automatic Number Plate Recognition (ANPR) system that was used in Sheffield, England to raise tolls on cars & # 39; that & # 39; at certain times of & # 39; city in & # 39; e downtown travel.
The database – which keeps records of individual license plates, time of day and location of intersection of 100 different cameras located around the city – could be accessed by entering the IP address in a web browser without additional passwords or authentication required.
Security investigators discovered a huge burglary in a database that contained records of footage from traffic cameras in Sheffield, England, part of a program initially implemented in 2014 to levy tolls on cars # 39; s you & # 39; t in & # 39; t city center ride
The hacking was first discovered by security specialist Chris Kubecka and author Gerard Janssen when using Censys.io, a tool that analyzes webhosts for possible security errors.
Eugene Walker, the executive director of sources at Sheffield, told The Register that no persons were harmed or & # 39; suffered from harmful effects & # 39; because of the breach but acknowledged that it was unacceptable.
& # 39; We take joint responsibility for working to address this data breach, & # 39; said Walker in a statement with David Hartley, assistant chief constable of the & # 39; South Yorkshire Police. & # 39; It did not happen to be an acceptable thing. & # 39;
Tony Porter, commissioner of the UK's surveillance camera organization, was shocked by the news and promised a full investigation.
& # 39; As President of & # 39; e National ANPR Independent Advisory Group, I will request a report on this incident, & # 39; Porter told The Register.
& # 39; I will concentrate on the comprehensive national standards that do not exist and look at any upcoming compliance or failure issues. & # 39;
3M helped design the camera network and software for the city of Sheffield, which eventually included a database of 8,616,198 trips across 100 traffic cameras placed around the city
Sheffield & # 39; s ANPR system was first implemented in 2014 when the city contracted with US corporation 3M to design the network of traffic cameras.
In 2018, the system began keeping permanent records of every car that went through each camera, with some cameras registering 21,000 entries in one day.
In total, the database contained 8,616,198 individual records.
Eugene Walker, the Sheffield resources executive director, accepted responsibility for the burglary. & # 39; It is not an acceptable thing that has happened, & # 39; he said in a joint statement with David Hartley, Assistant Chief Constable of the & # 39; South Yorkshire Police
According to Edin Omanovic of Privacy International, a nonprofit that advocates for improved data security, the infringement is an example of how well-designed surveillance programs can be exploited.
& # 39; Every now and then, we have seen the introduction of surveillance technology for very specific purposes, only to creep into other areas of enforcement, & # 39; said Omanovic.
& # 39; ANPR use should be proportionate to the problem it is trying to address – it should not be a tool of mass surveillance. & # 39;
& # 39; Both the council and police have a responsibility to ensure that their use is proportionate and subject to a data protection assessment. & # 39;
. (tagsToTranslate) dailymail (t) sciencetech