Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
In just 20 minutes this morning, an automated license plate recognition (ALPR) system in Nashville, Tenn., captured photos and detailed information from nearly 1,000 vehicles as they drove by. Among them: eight black Jeep Wranglers, six Honda Accords, an ambulance, and a yellow Ford Fiesta with a vanity plate.
This trove of real-time vehicle data, collected by one of Motorola’s ALPR systems, is intended to be accessible by law enforcement. However, a flaw discovered by a security researcher exposed live video and detailed records of vehicles passing by, revealing the staggering scale of surveillance enabled by this widespread technology.
More than 150 Motorola ALPR cameras have had their video feeds exposed and leaked data in recent months, according to security researcher Matt Brown, who first published the issues in a series of YouTube videos after purchasing an ALPR camera on eBay and reverse engineering it.
In addition to streaming live footage accessible to anyone on the Internet, the misconfigured cameras also exposed the data they collected, including photos of cars and license plate logs. Real-time video and data feeds do not require usernames or passwords to access.
Beside other technologiesWIRED reviewed video feeds from several of the cameras, confirming that vehicle data — including car makes, models and colors — was accidentally exposed. Motorola confirmed the exposure, telling WIRED that it was working with its customers to shut down access.
Over the past decade, thousands of ALPR cameras have popped up in cities and towns across the United States. The cameras, which are manufactured by companies such as Motorola and Flock Safety, automatically take pictures when they detect a passing car. Cameras and databases of collected data are often used by police to search for suspects. ALPR cameras can be placed along roads, on the dashboards of police cars, and even in trucks. These cameras capture billions of car photos, including the occasional bumper sticker, lawn sign, and t-shirt.
“Every one of them that I found exposed was in a fixed location on a road,” Brown, who runs the cybersecurity company Brown Fine Security, tells WIRED. The exposed video feed each covers a single lane of traffic, with cars passing through the camera’s view. In some streams, snow has fallen. Brown found two streams for each exposed camera system, one in color and the other in infrared.
Generally, when a car passes an ALPR camera, a photograph of the vehicle is taken, and the system uses machine learning to extract text from the license plate. This is stored alongside details such as where the photograph was taken, the time, and even metadata such as the make and model of the vehicle.
Brown says the camera feeds and vehicle data were likely exposed because they were not installed on private networks, possibly by the law enforcement agencies deploying them, and instead exposed to the Internet without no authentication. “It was misconfigured. It shouldn’t be open on the public internet,” he says.
WIRED tested the flaw by analyzing data streams from 37 different IP addresses apparently linked to Motorola cameras, covering more than a dozen cities in the United States, from Omaha, Nebraska, to New York City. In just 20 minutes, these cameras recorded the make, model, color and license plates of nearly 4,000 vehicles. Some cars were even captured multiple times – up to three times in some cases – as they passed different cameras.
