2 min read

Lack of Basic Security Measures on Sheffield"s ANPR System Exposes 8.6 Million Records of Vehicle Movements and License Plate Numbers

Alina BÎZGĂ

April 29, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Lack of Basic Security Measures on Sheffield"s ANPR System Exposes 8.6 Million Records of Vehicle Movements and License Plate Numbers

Earlier this week, security researcher Chris Kubecka and freelance writer Gerard Jannsen stumbled upon a major security flaw in Sheffield City Council’s automatic number-plate recognition (ANPR), exposing 8.6 million records of vehicle movements and journeys of citizens.

Following the discovery, the pair shared their findings with The Register website, who publicly shared the story and informed district authorities.
It appears that accessing ANPR”s internal dashboard was a piece of cake. No authentication methods or credentials were required, and anyone could have viewed or browsed the live system with a simple copy-paste of its IP address.

In response to the news, representative from Sheffield City Council’s and South Yorkshire Police, told The Register:

“We take joint responsibility for working to address this data breach. It is not an acceptable thing to have occurred. However, it is important to be very clear that, to the best of our knowledge, nobody came to any harm or suffered any detrimental effects as a result of this breach.”

Check now if your personal info has been stolen or made public on the internet, with Bitdefender”s Digital Identity Protection tool.

Although there were no signs of malice, viewing the ANPR system in real time along with millions of recorded vehicle details and travel logs could have seriously endangered citizens. By simply using their license plate numbers, bad actors could have tracked down any vehicle travelling around the city and stage an attack or robbery.

If the lack of protection for private information is not enough to fill up your plate, the IT publication also revealed that the servers hosting the ANPR dashboard were home to a storage drive address. It featured millions of snapshots taken from the county”s 100 surveillance cameras that provide a constant feed to the system, including license plates, faces of drivers or passengers and nearby pedestrians.

As a result, Sheffield City Council and South Yorkshire Police have reported to the Information Commissioners Office and confirmed that the database is no longer viewable to the public:


“As soon as this was brought to our attention we took action to deal with the immediate risk and ensure the information was no longer viewable externally. Both Sheffield City Council and South Yorkshire Police have also notified the Information Commissioner’s Office. We will continue to investigate how this happened and do everything we can to ensure it will not happen again.”

tags


Author



Right now

Top posts

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

January 26, 2023

2 min read
Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

January 19, 2023

4 min read
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

More than 50,000 People Affected by US Cellular Data Breach; Leaked Info Hits the Internet More than 50,000 People Affected by US Cellular Data Breach; Leaked Info Hits the Internet
Silviu STAHIE

February 08, 2023

2 min read
Russian Threat Actor Targets Ukraine Ministry and Polish Police in Similar Campaigns Russian Threat Actor Targets Ukraine Ministry and Polish Police in Similar Campaigns
Silviu STAHIE

February 06, 2023

1 min read
U.S. Department of Health and Human Services Hits ‘Banner Health’ with $1.25 Million Fine U.S. Department of Health and Human Services Hits ‘Banner Health’ with $1.25 Million Fine
Silviu STAHIE

February 03, 2023

1 min read