There is no shortage of news about hacks and cybersecurity flaws, which may not come as a surprise. Yet, there are curious ones that catch the eye.<\/p>\n
<\/p>\n
In this piece, we take a look at a recent story about a blatant vulnerability in a CCTV system exposing 8.6 million records and try to find an upside in today’s messy situation with privacy.<\/p>\n
On April 28th, The Register put out an article<\/a> about a security mishap on the part of an automatic number-plate recognition system (ANPR) run by the City Council of Sheffield, UK. It turned out that the system\u2019s internal management dashboard wasn\u2019t protected even by a password and could be accessed by entering its IP address in a browser.<\/p>\n As a result, 8.6 million records were exposed, potentially allowing anyone to precisely deduct journeys of thousands of people down to a minute. Luckily, the officials said that there\u2019s no evidence that the data have been exploited.<\/p>\n \u201cWe take joint responsibility for working to address this data breach. It is not an acceptable thing to have occurred. However, it is important to be very clear that, to the best of our knowledge, nobody came to any harm or suffered any detrimental effects as a result of this breach,\u201d <\/i><\/b>Sheffield officials told The Register.<\/i><\/p><\/blockquote>\n The flawed dashboard was reportedly shut down shortly after The Register notified local authorities.<\/p>\n This case is concerning because of several reasons. First of all, it should have taken quite an astonishing amount of confidence to leave a municipal CCTV dashboard just laying in the open. It seems that everything is fine, but not knowing about bad things happening isn\u2019t the same as knowing they didn\u2019t happen. Aside from spying on people, the vulnerability may have allowed an adversary to change important parameters withing the system: rename cameras, edit their assigned location, etc. Moreover, the situation raises the question of how much more freely accessible information of this sort is still out there.<\/p>\n On the other hand, there\u2019s the problem of balance between keeping people\u2019s privacy and making everybody observe the law.<\/p>\n \u201cANPR use must be proportionate to the problem it’s trying to address \u2013 it’s not supposed to be a tool of mass surveillance. Both the council and police have a responsibility to ensure their use is proportionate and subject to a data protection impact assessment,\u201d <\/i><\/b>Privacy International’s Edin Omanovic told The Register, <\/i>\u201cThey must both now explain how exactly they are using this system, how their use is consistent with data protection rules, how it came to be that this data was exposed, and what changes they’ve made to ensure it never happens again.\u201d\u00a0<\/i><\/b><\/p><\/blockquote>\n In this particular case, one of the surveillance system functions was to automatically detect vehicles entering the city center to charge a fee from the owners. The measure is meant to encourage people to reduce car traffic in the area and combat pollution. Sounds harmless, but ANPR is still a serious surveillance tool, which is easy to mishandle.<\/p>\n Given the sheer amount of CCTV systems, it\u2019s hard to believe that there aren\u2019t more similar cases yet to be revealed. Undoubtedly, it is concerning to suggest that a number of video control systems in cities across the world are this vulnerable. But there\u2019s another side to this.<\/p>\n There were no malicious hackers involved in this, no unsavory political powers exploiting tech to harm opponents, and no critical flow in technology left unnoticed. A pretty low bar, but still. From what it looks like, this is nothing but an eye-opening example of human negligence that begs to be learned from. This story wouldn\u2019t have happened, had there been a simple authorization check. The very idea of personal data lying there up for grabs is equally amusing and disturbing, especially in the light of privacy concerns people have to face these days.<\/p>\n On top of that, this case offers a different look at a more technologically advanced future. Eventually, more people will learn to treat technologies responsibly. There will be fewer and fewer ludicrous cases of government databases not being protected, that\u2019s for sure. Even assuming that there are more examples of such negligence worldwide, the problem itself is more than solvable with education and supervision.<\/p>\n With the growing need for data protection, the cybersecurity industry is progressing and is largely expected<\/a> to keep growing. A larger market with more competition will bring more effective security solutions for both enterprises and the general public, making sensitive data less vulnerable and privacy more accessible to a layperson.<\/p>\n Follow us on <\/b>Twitter<\/b><\/a> and <\/b>Facebook<\/b><\/a> and join our <\/b>Telegram channel<\/b><\/a> to know what\u2019s up with crypto and why it\u2019s important.<\/b><\/p>\n","protected":false},"excerpt":{"rendered":" There is no shortage of news about hacks and cybersecurity flaws, which may not come as a surprise. Yet, there are curious ones that catch the eye.<\/p>\n","protected":false},"author":6,"featured_media":8738,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"human_written","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1111,573,210],"class_list":["post-8736","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity","tag-privacy","tag-uk"],"aioseo_notices":[],"amp_enabled":true,"views":"573","promo_type":"1","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/8736","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=8736"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/8736\/revisions"}],"predecessor-version":[{"id":8739,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/8736\/revisions\/8739"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/8738"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=8736"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=8736"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=8736"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Semi-Positive Takeaway<\/h2>\n