2 min read

Lack of Basic Security Measures on Sheffield"s ANPR System Exposes 8.6 Million Records of Vehicle Movements and License Plate Numbers

Alina BÎZGĂ

April 29, 2020

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Lack of Basic Security Measures on Sheffield"s ANPR System Exposes 8.6 Million Records of Vehicle Movements and License Plate Numbers

Earlier this week, security researcher Chris Kubecka and freelance writer Gerard Jannsen stumbled upon a major security flaw in Sheffield City Council’s automatic number-plate recognition (ANPR), exposing 8.6 million records of vehicle movements and journeys of citizens.

Following the discovery, the pair shared their findings with The Register website, who publicly shared the story and informed district authorities.
It appears that accessing ANPR”s internal dashboard was a piece of cake. No authentication methods or credentials were required, and anyone could have viewed or browsed the live system with a simple copy-paste of its IP address.

In response to the news, representative from Sheffield City Council’s and South Yorkshire Police, told The Register:

“We take joint responsibility for working to address this data breach. It is not an acceptable thing to have occurred. However, it is important to be very clear that, to the best of our knowledge, nobody came to any harm or suffered any detrimental effects as a result of this breach.”

Check now if your personal info has been stolen or made public on the internet, with Bitdefender”s Digital Identity Protection tool.

Although there were no signs of malice, viewing the ANPR system in real time along with millions of recorded vehicle details and travel logs could have seriously endangered citizens. By simply using their license plate numbers, bad actors could have tracked down any vehicle travelling around the city and stage an attack or robbery.

If the lack of protection for private information is not enough to fill up your plate, the IT publication also revealed that the servers hosting the ANPR dashboard were home to a storage drive address. It featured millions of snapshots taken from the county”s 100 surveillance cameras that provide a constant feed to the system, including license plates, faces of drivers or passengers and nearby pedestrians.

As a result, Sheffield City Council and South Yorkshire Police have reported to the Information Commissioners Office and confirmed that the database is no longer viewable to the public:


“As soon as this was brought to our attention we took action to deal with the immediate risk and ensure the information was no longer viewable externally. Both Sheffield City Council and South Yorkshire Police have also notified the Information Commissioner’s Office. We will continue to investigate how this happened and do everything we can to ensure it will not happen again.”

tags


Author


Alina BÎZGĂ

Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.

View all posts

You might also like

Bookmarks


loader