Comentários do leitor

Traffic camera system breach exposes data about 8.6 MILLION car trips

por Lilliana Reddy (2020-10-26)


(<strong>2908<\/strong>99472539!)2553 (@sontal00)A pair of cybersecurity researchers have discovered a major breach in a traffic camera database, exposing license plate and travel details from more than 8.6 million car trips.

The breach involved the automatic number-plate recognition (ANPR) system used in Sheffield, England to levy tolls on vehicles traveling into the city center at certain times of day.

The database - which kept records of individual license plates, time of day and intersection location from 100 different cameras placed around the city - could be accessed by entering its IP address into a web browser with no extra passwords or authentication necessary.






Security researchers discovered an enormous breach in the database that kept records from traffic camera footage in Sheffield, England, part of a program that was initially implemented in 2014 to levy tolls on vehicles driving into the city center


The breach was first discovered by security specialist Chris Kubecka and writer Gerard Janssen while using Censys.io, a tool that analyzes web hosts for potential security flaws.

Eugene Walker, Sheffield's executive director of resources, told The Register that no individuals had been harmed or 'suffered any detrimental effects' because of the breach but admitted it was unacceptable.






RELATED ARTICLES


Previous

1

Next




Apple and Google begin testing COVID-tracking tech and are... Star lizard: Dinosaur with a parrot-like beak, bony frills... Google makes its video conferencing service Meet free in a... Secretive Air Force X-37B space plane is launching its sixth...




Share this article

Share

13 shares



'We take joint responsibility for working to address this data breach,' Walker said in a statement with David Hartley, assistant chief constable of the the South Yorkshire Police. 'It is not an acceptable thing to have occurred.'

Tony Porter, commissioner of the UK's surveillance camera oversight organization, was shocked by the news and promised a full investigation.

'As chair of the National ANPR Independent Advisory Group, I will be requesting a report into this incident,' Porter told The Register.

'I will focus on the comprehensive national standards that exist and look toward any emerging compliance issues or failure thereof.'






3M helped design the camera network and software for the city of Sheffield, which ultimately recorded a database of 8,616,198 trips across 100 traffic cameras placed around the city


Sheffield's ANPR system was first implemented in 2014 when the city contracted with the American corporation 3M to design the network of traffic cameras.

In 2018, the system began keeping permanent records of every vehicle that passed through every camera, with some cameras logging as many as 21,000 entries in a single day.

In total, the database contained 8,616,198 individual records.






 Eugene Walker, Sheffield's executive director of resources, accepted responsibility for the breach. 'It is not an acceptable thing to have occurred,' he said in a joint statement with David Hartley, ????? Assistant Chief Constable of the the South Yorkshire Police


According to Edin Omanovic of Privacy International, a non-profit that advocates for improved data security, the breach is an example of how even well-intentioned surveillance programs can be exploited.

'Time and again we've seen the introduction of surveillance tech for very specific purposes, only to creep into other areas of enforcement,' Omanovic said.

'ANPR use must be proportionate to the problem it's trying to address - it's not supposed to be a tool of mass surveillance.'

'Both the council and police have a responsibility to ensure their use is proportionate and subject to a data protection impact assessment.'

 



Read more:

Nine million logs of Brits' road journeys spill onto the internet from password-less number-plate camera dashboard • The Register