In just 20 minutes this morning, an automated license plate recognition (ALPR) system in Nashville, Tennessee took photos and detailed information of nearly 1,000 vehicles passing by. Among them: eight black Jeep Wranglers, six Honda Accords, one ambulance, and a yellow Ford Fiesta with a vanity plate.
This repository of real-time vehicle data collected by one of Motorola's ALPR systems should be accessible by law enforcement. However, a flaw discovered by a security researcher has exposed live video feeds and detailed records of passing vehicles, revealing the staggering scale of surveillance enabled by this pervasive technology.
More than 150 Motorola ALPR cameras have had their video feeds and data leaked in recent months, according to security researcher Matt Brown, who first publicized the issues in the series. Youtube video After purchasing an ALPR camera on eBay and reverse engineering it.
As well as broadcasting live footage accessible to anyone over the Internet, the incorrectly configured cameras also exposed the data they collected, including photos of cars and logs of license plates. No username or password is required to access real-time video and data feeds.
Together other technologistsWIRED has reviewed video feeds from multiple cameras, confirming that vehicle data — including the make, model and color of cars — may have been accidentally exposed. Motorola confirmed the exposure, telling WIRED that it is working with its customers to shut down access.
Over the past decade, thousands of ALPR cameras have appeared in towns and cities across America. The cameras, which are manufactured by companies like Motorola and Flock Safety, automatically take pictures when they detect a car passing by. Cameras and databases of collected data are often used by police to search for suspects. ALPR cameras can be installed along roadsides, on the dashboards of police cars, and even in trucks. These cameras capture Billions of photos of cars—sometimes including bumper stickers, lawn signs, and T-shirts,
“Every single one of them that I exposed was in a certain location on some street,” Brown, who runs the cybersecurity company Brown Fine Security, told WIRED. The exposed video feed covers the same length of traffic with cars moving through the camera's view. Snow is falling in some streams. Brown found two streams for each exposed camera system, one in color and the other in infrared.
Broadly speaking, when a car passes an ALPR camera, a photo of the vehicle is taken and the system uses machine learning to extract text from the license plate. It is stored with details such as where the photo was taken, the time, as well as metadata such as the make and model of the vehicle.
Brown says the camera feeds and vehicle data were likely exposed because they were not installed on a private network, possibly by law enforcement bodies deployed to them, and were instead exposed over the Internet without any authentication. . “It's configured incorrectly, it shouldn't be open on the public Internet,” he says.
WIRED tested the flaw by analyzing data streams from 37 different IP addresses associated with Motorola cameras spanning more than a dozen cities in the United States, from Omaha, Nebraska to New York. Within just 20 minutes, those cameras recorded the make, model, color and license plates of nearly 4,000 vehicles. Some cars were captured multiple times – in some cases up to three times – as they passed through different cameras.