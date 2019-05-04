Please create an account to participate in the Slashdot moderation system

 


Security Lapse Exposed a Chinese Smart City Surveillance System (techcrunch.com) 42

Posted by msmash from the privacy-woes dept.
An anonymous reader shares a report: Smart cities are designed to make life easier for their residents: better traffic management by clearing routes, making sure the public transport is running on time and having cameras keeping a watchful eye from above. But what happens when that data leaks? One such database was open for weeks for anyone to look inside. Security researcher John Wethington found a smart city database accessible from a web browser without a password. He passed details of the database to TechCrunch in an effort to get the data secured.

The database was an Elasticsearch database, storing gigabytes of data -- including facial recognition scans on hundreds of people over several months. The data was hosted by Chinese tech giant Alibaba. The customer, which Alibaba did not name, tapped into the tech giant's artificial intelligence-powered cloud platform, known as City Brain. "This is a database project created by a customer and hosted on the Alibaba Cloud platform," said an Alibaba spokesperson. "Customers are always advised to protect their data by setting a secure password." "We have already informed the customer about this incident so they can immediately address the issue. As a public cloud provider, we do not have the right to access the content in the customer database," the spokesperson added. The database was pulled offline shortly after TechCrunch reached out to Alibaba. But while Alibaba may not have visibility into the system, we did.

  • These people seem to be barely capable to throw existing components together, but the (simple) act of understanding that you need a good password to protect access is already beyond them. This is pretty staggering.

  • "Forgot to set a password on the city! Haha silly me!" - China

  • The article asks the wrong question. The question, "What happens when the data leaks" is rediculous. It is trivally easy for someone who knows what they are doing to conduct an audit to regularly confirm there is a proper security layer. The correct question is why ANY population of people would agree live in a smart city without ANY evidence that security is being regularly audited for best practice and beyond.

    • Re: (Score:1)

      by AHuxley ( 892839 )
      Re 'why ANY population of people would agree live in a smart city"
      Communist nations have internal movement controls.
      Move out of an approved location? Why?
      Move to a city without approval? Why?
      Do good work and get approval to move to a city.
      The Communist nations approves a place in a "smart city". Thats not a job offer for consideration. Thats document from a gov to say move to a city they have selected.
      Study and get a good education? Get approval for better housing in a nice smart city.
      Better h

  • Oh shit! My social credit score! ;)

  • No, they aren't (Score:3)

    by petrus4 ( 213815 ) on Saturday May 04, 2019 @11:01AM (#58537866) Homepage Journal

    Smart cities are designed to make life easier for their residents: better traffic management by clearing routes, making sure the public transport is running on time and having cameras keeping a watchful eye from above.

    No, they aren't. This is exclusively an excuse for technologically enabled imprisonment and enslavement. They just mention the supposed "advantages" in order to make stupid people more willing to accept it.

    I am looking forward to people eventually realising that the only real end results of electronic technology, are subjugation and death.

    • I am looking forward to people eventually realising that the only real end results of electronic technology, are subjugation and death.

      Bloody hell man - and here you are using the instrument of that death. What's that make you?

      A whole lot of "subjugation and death" has gone on long before electronic technology. You might consider getting out a bit, relaxing, maybe visit some friends, because you read like you're ready to go off the deep end.

      • So we shouldn't be upset when we should have progressed past it and yet it keeps happening? Gotcha.

        • So we shouldn't be upset when we should have progressed past it and yet it keeps happening? Gotcha.

          You are dealing with some of humanities core competencies, and deepest instincts.

          As far as your apparent agreement with poster that :

          the only real end results of electronic technology, are subjugation and death.

          Electronics technology is just technology. It isn't evil, it doesn't inevitably lead to death. You want to move away from evil and death, you have to change humanity, not discard technology. Moving back to the caves and Savannas won't get rid of evil and death.

