Security Lapse Exposed a Chinese Smart City Surveillance System

[Outline.com link as TechCrunch has a terrible pop up that I couldn’t dismiss on my iPad and their website is truly awful. So sod ’em. Here’s the original link if you’d prefer though.]

Today in Cyberpunk China:

Security researcher John Wethington found a smart city database accessible from a web browser without a password. […]

The exposed data contains enough information to pinpoint where people went, when and for how long, allowing anyone with access to the data — including police — to build up a picture of a person’s day-to-day life. […]

The database also contained a subject’s approximate age as well as an “attractive” score, according to the database fields. […]

The system also uses its facial recognition systems to detect ethnicities and labels them — such as “汉族” for Han Chinese, the main ethnic group of China — and also “维族” — or Uyghur Muslims, an ethnic minority under persecution by Beijing. […]

The Chinese government has detained more than a million Uyghurs in internment camps in the past year, according to a United Nations human rights committee. It’s part of a massive crackdown by Beijing on the ethnic minority group. […]

The customer’s system also has the capability to monitor for Wi-Fi-enabled devices, such as phones and computers, using sensors built by Chinese networking tech maker Renzixing and placed around the district. The database collects the dates and times that pass through its wireless network radius. Fields in the Wi-Fi-device logging table suggest the system can collect IMEI and IMSI numbers, used to uniquely identify a cellular user. […]

Further reading: One Month, 500,000 Face Scans: How China Is Using A.I. to Profile a Minority


Got a comment? Email me.
Stay updated via RSS or Twitter.
Or subscribe to the monthly newsletter.