Information Security News mailing list archives
Security lapse exposed a Chinese smart city surveillance system
From: InfoSec News <alerts () infosecnews org>
Date: Mon, 6 May 2019 08:16:32 +0000 (UTC)
https://techcrunch.com/2019/05/03/china-smart-city-exposed/ By Zack Whittaker TechCrunch May 3, 2019Smart cities are designed to make life easier for their residents: better traffic management by clearing routes, making sure the public transport is running on time and having cameras keeping a watchful eye from above.
But what happens when that data leaks? One such database was open for weeks for anyone to look inside.
Security researcher John Wethington found a smart city database accessible from a web browser without a password. He passed details of the database to TechCrunch in an effort to get the data secured.
The database was an Elasticsearch database, storing gigabytes of data — including facial recognition scans on hundreds of people over several months. The data was hosted by Chinese tech giant Alibaba. The customer’s database, which Alibaba did not name, made several references to the tech giant’s artificial intelligence-powered cloud platform, City Brain, but Alibaba later denied its platform was used.
“This is a database project created by a customer and hosted on the Alibaba Cloud platform,” said an Alibaba spokesperson. “Customers are always advised to protect their data by setting a secure password.”
[...]
-- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Current thread:
- Security lapse exposed a Chinese smart city surveillance system InfoSec News (May 06)