Lack of Basic Security Measures on Sheffield"s ANPR System Exposes 8.6 Million Records of Vehicle Movements and License Plate Numbers
Earlier this week, security researcher Chris Kubecka and freelance writer Gerard Jannsen stumbled upon a major security flaw in Sheffield City Council’s automatic number-plate recognition (ANPR), exposing 8.6 million records of vehicle movements and journeys of citizens.
Following the discovery, the pair shared their findings with The Register website, who publicly shared the story and informed district authorities.
It appears that accessing ANPR”s internal dashboard was a piece of cake. No authentication methods or credentials were required, and anyone could have viewed or browsed the live system with a simple copy-paste of its IP address.
In response to the news, representative from Sheffield City Council’s and South Yorkshire Police, told The Register:
“We take joint responsibility for working to address this data breach. It is not an acceptable thing to have occurred. However, it is important to be very clear that, to the best of our knowledge, nobody came to any harm or suffered any detrimental effects as a result of this breach.”
Check now if your personal info has been stolen or made public on the internet, with Bitdefender”s Digital Identity Protection tool.
Although there were no signs of malice, viewing the ANPR system in real time along with millions of recorded vehicle details and travel logs could have seriously endangered citizens. By simply using their license plate numbers, bad actors could have tracked down any vehicle travelling around the city and stage an attack or robbery.
If the lack of protection for private information is not enough to fill up your plate, the IT publication also revealed that the servers hosting the ANPR dashboard were home to a storage drive address. It featured millions of snapshots taken from the county”s 100 surveillance cameras that provide a constant feed to the system, including license plates, faces of drivers or passengers and nearby pedestrians.
As a result, Sheffield City Council and South Yorkshire Police have reported to the Information Commissioners Office and confirmed that the database is no longer viewable to the public:
“As soon as this was brought to our attention we took action to deal with the immediate risk and ensure the information was no longer viewable externally. Both Sheffield City Council and South Yorkshire Police have also notified the Information Commissioner’s Office. We will continue to investigate how this happened and do everything we can to ensure it will not happen again.”
Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns
January 19, 2023
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps
November 29, 2022
How to monitor your online privacy during your Thanksgiving trip
November 22, 2022
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info
November 16, 2022
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be
November 14, 2022