
Security Lapse Exposed a Chinese Smart City Surveillance System

[ link as TechCrunch has a terrible pop up that I couldn’t dismiss on my iPad and their website is truly awful. So sod ’em. Here’s the original link if you’d prefer though.]

Today in Cyberpunk China:

Security researcher John Wethington found a smart city database accessible from a web browser without a password. […]

The exposed data contains enough information to pinpoint where people went, when and for how long, allowing anyone with access to the data — including police — to build up a picture of a person’s day-to-day life. […]

The database also contained a subject’s approximate age as well as an “attractive” score, according to the database fields. […]

The system also uses its facial recognition systems to detect ethnicities and labels them — such as “汉族” for Han Chinese, the main ethnic group of China — and also “维族” — or Uyghur Muslims, an ethnic minority under persecution by Beijing. […]

The Chinese government has detained more than a million Uyghurs in internment camps in the past year, according to a United Nations human rights committee. It’s part of a massive crackdown by Beijing on the ethnic minority group. […]

The customer’s system also has the capability to monitor for Wi-Fi-enabled devices, such as phones and computers, using sensors built by Chinese networking tech maker Renzixing and placed around the district. The database collects the dates and times that pass through its wireless network radius. Fields in the Wi-Fi-device logging table suggest the system can collect IMEI and IMSI numbers, used to uniquely identify a cellular user. […]

Further reading: One Month, 500,000 Face Scans: How China Is Using A.I. to Profile a Minority


WTF Facebook‽

I recently got MobileMe. When I was setting it up to sync all my contacts over multiple devices I somehow lost around half of my phone contacts. It wasn’t too big a deal as I have few contacts and most are intimate friends and family. Except for my friend Sam who lives in Northampton. I had no way of getting in contact with him. He isn’t a friend on Facebook and all I could remember was his now defunct and embarrassing Hotmail username. I could just wait until he got in contact with me. But he’s a Formula 1 mechanic and I needed advice about my little Honda.

Next I typed his email address into Google hoping it would take me to one of his online profiles, but it returned no results. I tried to add his brother on Facebook and get in contact that way, but Facebook search is awful and I couldn’t find him. It couldn’t find Sam either. Well, the right Sam.

I eventually remembered that when I needed to reset my Facebook password a few weeks ago it listed all my associated e-mail addresses to choose which one I wanted to send the new password to. I typed in Sam’s Hotmail account and clicked ‘forgot password?’ and sure enough it listed his Gmail address.

I thought, ‘great, I’ll send him a quick e-mail now’. I’m halfway through asking for his details when I hear the indistinguishable noise of that Facebook chat beep. I go to the tab and sure enough I can see a chatbox. Sam and his brother are chatting back and forth about what he wants for Christmas. ‘WTF’ I thought. This was bizarre. I typed in “Matt?”. He replied “yea”. I said “Sam has been hacked. Ha. Facebook security. Bullshit.”


I got to Sam’s profile page and sure enough I am logged in as him. I can post and change settings. I didn’t, but I could. I haven’t tried this with any other accounts, because you know, it’s probably illegal or something and this may have just been a one-time glitch. But still, an idiot like me managed to hack into a Facebook account. By accident! All I needed was his e-mail address. No password – nothing. WTF Facebook?