Over the past few days, we have heard of many incidents involving accidental data leakage from unsecured databases. Here comes another similar security incident. What makes this one unique, however, is the kind of data exposed. Allegedly, a researcher found an unprotected Chinese Smart City database that leaked facial recognition scans, among other information.
Chinese Smart City Database Exposed Data Publicly
Researcher John Wethington stumbled upon an open Elasticsearch database that publicly exposed a huge number of records. The unsecured database included hundreds of facial recognition scans, amounting to gigabytes of data.
The researcher found that the database was hosted on the Alibaba cloud platform. The database had numerous references to Alibaba’s AI-powered City Brain. However, Alibaba denied this supposition and distanced itself from the matter.
“This is a database project created by a customer and hosted on the Alibaba Cloud platform… As a public cloud provider, we do not have the right to access the content in the customer database.”
While Alibaba stated that it could not access the content of the database, the researcher, working with TechCrunch, was able to assess it. Allegedly, the database included every detail pointing to the functioning of a smart city. According to TechCrunch,
“The system monitors the residents around at least two small housing communities in eastern Beijing, the largest of which is Liangmaqiao, known as the city’s embassy district.”
The exposed data included information about people’s movements, as monitored by the system’s various data collection points, including cameras. It also included details about people’s facial features, approximate ages, an ‘attractive’ score, and some labels regarding ethnicities as determined through facial recognition.
The database also linked the facial recognition results with police records, triggering warnings upon detecting an individual. This hinted at the possibility that the customer behind this database might belong to the government sector.
The system also generated alerts for events such as smoke alarms or equipment failures. It could monitor WiFi devices as well, and could log IMEI and IMSI numbers from cellular devices.
Unnamed Source Informed Of The Matter
While Alibaba didn’t acknowledge any possible link to the leaky database, they did, however, inform their customer base.
“We have already informed the customer about this incident so they can immediately address the issue.”
The information present in the database indicated how dangerous AI can become. According to Wethington,
“The weaponization and abuse of A.I. is a very real threat to the privacy and security of every individual. We should carefully look at how this technology is already being abused by other countries and businesses before permitting them to be deployed here.”