News

China: database with license plates and faces on the net for months

In China, a database containing around 800 million faces and license plates was apparently freely accessible on the Internet for several months. The data allegedly originated from surveillance cameras made by Xinai Electronics.

Surveillance company failed to secure database

The company provides electronic access control for people and vehicles. Throughout China, Xinai Electronics’ cameras are used in places such as schools, construction sites, businesses and parking garages. In addition to checking access authorizations, the company also offers automatic billing in parking garages and permanent monitoring of employee presence at the workplace.

On its own website, Xinai confidently claims that the data collected in the process is stored securely on its own servers. However, this has now turned out to be untrue. According to IT security researcher Anurag Sen, the data was stored unprotected on servers belonging to the Chinese company Alibaba. The rapidly growing data set contained high-resolution photos of license plates and faces. It also contained related information such as the names, ages and resident IDs of the people pictured. Sen was able to show that all this data could be freely accessed from the Internet without password or other protection. All that was required was knowledge of the Internet address.

Ransom demand related to the data

In addition to the IT security researcher, at least one other person discovered the data set, which was openly accessible until August. This is how the company was confronted with a ransom demand. As part of this, an unknown person demanded a monetary payment and claimed to have stolen the stored data. She would only release it upon receipt of the payment. The company apparently did not respond to the extortion; no money was received at the blockchain address provided.

It is unclear whether the person behind the extortion has anything to do with the disappearance of the database from the network, as Xinai Electronics has not yet commented publicly. It is also conceivable that the company itself took the database offline after the lack of protection became known.

Data protection in China

Since November 2021, China has had a data protection law that requires private companies to obtain consent from data subjects before processing personal data. However, the data protection law in the dictatorship has hardly taken effect so far: state agencies that collect and analyze data on a large scale are exempt from regulation and private companies, as the current example shows, do not necessarily comply with the requirements. The exemption of state agencies is not only problematic in this regard, as the authoritarian regime uses the data as a basis for disciplining its citizens; the lack of protection for the data has also led to it being stolen in the past, allowing third parties to use it for other purposes. Recently, for example, around one billion data records were stolen from the Shanghai police.

Simon Lüthje

I am co-founder of this blog and am very interested in everything that has to do with technology, but I also like to play games. I was born in Hamburg, but now I live in Bad Segeberg.

Related Articles

Neue Antworten laden...

Basic Tutorials

Gehört zum Inventar

7,156 Beiträge 2,011 Likes

In China, a database containing around 800 million faces and license plates was apparently freely accessible on the Internet for several months. The data allegedly originated from surveillance cameras made by Xinai Electronics. Surveillance company failed to secure database The company provides electronic access control for people and vehicles. Throughout China, Xinai Electronics‘ cameras are … (Weiterlesen...)

Antworten Like

Back to top button