Security Lapse Exposed a Chinese Smart City Surveillance System (techcrunch.com) 44
An anonymous reader shares a report: Smart cities are designed to make life easier for their residents: better traffic management by clearing routes, making sure the public transport is running on time and having cameras keeping a watchful eye from above. But what happens when that data leaks? One such database was open for weeks for anyone to look inside. Security researcher John Wethington found a smart city database accessible from a web browser without a password. He passed details of the database to TechCrunch in an effort to get the data secured.
The database was an Elasticsearch database, storing gigabytes of data -- including facial recognition scans on hundreds of people over several months. The data was hosted by Chinese tech giant Alibaba. The customer, which Alibaba did not name, tapped into the tech giant's artificial intelligence-powered cloud platform, known as City Brain. "This is a database project created by a customer and hosted on the Alibaba Cloud platform," said an Alibaba spokesperson. "Customers are always advised to protect their data by setting a secure password." "We have already informed the customer about this incident so they can immediately address the issue. As a public cloud provider, we do not have the right to access the content in the customer database," the spokesperson added. The database was pulled offline shortly after TechCrunch reached out to Alibaba. But while Alibaba may not have visibility into the system, we did.
The database was an Elasticsearch database, storing gigabytes of data -- including facial recognition scans on hundreds of people over several months. The data was hosted by Chinese tech giant Alibaba. The customer, which Alibaba did not name, tapped into the tech giant's artificial intelligence-powered cloud platform, known as City Brain. "This is a database project created by a customer and hosted on the Alibaba Cloud platform," said an Alibaba spokesperson. "Customers are always advised to protect their data by setting a secure password." "We have already informed the customer about this incident so they can immediately address the issue. As a public cloud provider, we do not have the right to access the content in the customer database," the spokesperson added. The database was pulled offline shortly after TechCrunch reached out to Alibaba. But while Alibaba may not have visibility into the system, we did.
Seems there is zero understanding at work (Score:2)
These people seem to be barely capable to throw existing components together, but the (simple) act of understanding that you need a good password to protect access is already beyond them. This is pretty staggering.
Whoopsie! (Score:2)
"Forgot to set a password on the city! Haha silly me!" - China
Re: (Score:3)
Is China running a surveillance state in order to set up a massive, state-sponsored dating network?
China is creating a massive database, yes... but I'll bet yen to moon cakes that it's not for dating, though.
Re: (Score:2)
Everything can be used for dating when you're a politically backed law enforcement officer in a totalitarian state.
Imagine all the fun ole boy Lavrentiy [wikipedia.org] could have had with such a system?
He had to drive around town to find girls he'd like to "date". Such a drag...
How many pocket-sized Beria's with a badge are there in China? Clearly enough to warrant the "fuckable" attribute.
Uh, security audits? (Score:2)
Re: (Score:1)
Communist nations have internal movement controls.
Move out of an approved location? Why?
Move to a city without approval? Why?
Do good work and get approval to move to a city.
The Communist nations approves a place in a "smart city". Thats not a job offer for consideration. Thats document from a gov to say move to a city they have selected.
Study and get a good education? Get approval for better housing in a nice smart city.
Better h
Smart city admin here... (Score:2)
Oh shit! My social credit score! ;)
No, they aren't (Score:3)
No, they aren't. This is exclusively an excuse for technologically enabled imprisonment and enslavement. They just mention the supposed "advantages" in order to make stupid people more willing to accept it.
I am looking forward to people eventually realising that the only real end results of electronic technology, are subjugation and death.
Re: (Score:2)
I am looking forward to people eventually realising that the only real end results of electronic technology, are subjugation and death.
Bloody hell man - and here you are using the instrument of that death. What's that make you?
A whole lot of "subjugation and death" has gone on long before electronic technology. You might consider getting out a bit, relaxing, maybe visit some friends, because you read like you're ready to go off the deep end.
Re: No, they aren't (Score:2)
Re: (Score:2)
So we shouldn't be upset when we should have progressed past it and yet it keeps happening? Gotcha.
You are dealing with some of humanities core competencies, and deepest instincts.
As far as your apparent agreement with poster that :
the only real end results of electronic technology, are subjugation and death.
Electronics technology is just technology. It isn't evil, it doesn't inevitably lead to death. You want to move away from evil and death, you have to change humanity, not discard technology. Moving back to the caves and Savannas won't get rid of evil and death.
Re: (Score:2)
It's gone on long before and it continues to go on now. The manner in which it's happening is changing, nothing more.
If this isn't something that upsets you, worries you, or is any sort of concern to you, then enjoy going out a bit, visiting friends, and relaxing. Just remember to smile for the cameras.
You know - it's funny, I tend to notice security cameras wherever I go. I wave at them and smile. Then I take note, and if I need to, I'll subpoena the data they contain to prove my innocence. Sounds strange, but its kind of like mentally mapping out an escape route of whatever room you are in in case of a fire.