Briefing: Beijing smart city surveillance database left unsecured ‘for weeks’

1 min read

Security lapse exposed a Chinese smart city surveillance system – TechCrunch

What happened: A security researcher has found an unprotected smart city database containing hundreds of facial recognition scans from Beijing’s diplomatic district, Liangmaqiao. The database was hosted by Chinese public cloud provider Alibaba Cloud and went unprotected for weeks, according to TechCrunch. The system contained information relating to people’s movements, their ethnicities, and whether they were of interest or wanted by the police. The database also included names and ID numbers. It is unclear who owns the database and corresponding surveillance system.

Why it’s important: The incident is the latest in a slew of open databases being found containing sensitive personal information gleaned from surveillance systems around the country. One such database, discovered by Dutch security researcher Victor Gevers, included information about internet cafe goers, including social media and messaging data, as well as names and ID numbers. With the ubiquity of surveillance and smart city systems come risks of hacks and data leaks. However, recent incidents show that incompetence is the greatest danger, with sensitive information being left in the open without adequate protection.