2 min read

Lack of Basic Security Measures on Sheffield"s ANPR System Exposes 8.6 Million Records of Vehicle Movements and License Plate Numbers

Alina BÎZGĂ

April 29, 2020

Lack of Basic Security Measures on Sheffield"s ANPR System Exposes 8.6 Million Records of Vehicle Movements and License Plate Numbers

Earlier this week, security researcher Chris Kubecka and freelance writer Gerard Jannsen stumbled upon a major security flaw in Sheffield City Council’s automatic number-plate recognition (ANPR), exposing 8.6 million records of vehicle movements and journeys of citizens.

Following the discovery, the pair shared their findings with The Register website, who publicly shared the story and informed district authorities.
It appears that accessing ANPR”s internal dashboard was a piece of cake. No authentication methods or credentials were required, and anyone could have viewed or browsed the live system with a simple copy-paste of its IP address.

In response to the news, representative from Sheffield City Council’s and South Yorkshire Police, told The Register:

“We take joint responsibility for working to address this data breach. It is not an acceptable thing to have occurred. However, it is important to be very clear that, to the best of our knowledge, nobody came to any harm or suffered any detrimental effects as a result of this breach.”

Check now if your personal info has been stolen or made public on the internet, with Bitdefender”s Digital Identity Protection tool.

Although there were no signs of malice, viewing the ANPR system in real time along with millions of recorded vehicle details and travel logs could have seriously endangered citizens. By simply using their license plate numbers, bad actors could have tracked down any vehicle travelling around the city and stage an attack or robbery.

If the lack of protection for private information is not enough to fill up your plate, the IT publication also revealed that the servers hosting the ANPR dashboard were home to a storage drive address. It featured millions of snapshots taken from the county”s 100 surveillance cameras that provide a constant feed to the system, including license plates, faces of drivers or passengers and nearby pedestrians.

As a result, Sheffield City Council and South Yorkshire Police have reported to the Information Commissioners Office and confirmed that the database is no longer viewable to the public:


“As soon as this was brought to our attention we took action to deal with the immediate risk and ensure the information was no longer viewable externally. Both Sheffield City Council and South Yorkshire Police have also notified the Information Commissioner’s Office. We will continue to investigate how this happened and do everything we can to ensure it will not happen again.”

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Romance scammers arrested in Texas for defrauding elderly lonely hearts Romance scammers arrested in Texas for defrauding elderly lonely hearts
Graham CLULEY

September 28, 2021

3 min read
iCloud Private Relay Vulnerability Exposes User IP Addresses, Researchers Find iCloud Private Relay Vulnerability Exposes User IP Addresses, Researchers Find
Silviu STAHIE

September 27, 2021

1 min read
Bitcoin.org Compromised; Attackers Posted “Double Your Money” Announcement Bitcoin.org Compromised; Attackers Posted “Double Your Money” Announcement
Silviu STAHIE

September 27, 2021

1 min read