How Can ALPR Cameras Be Dangerous for Your Personal Data?

How%20Can%20ALPR%20Cameras%20Be%20Dangerous%20for%20Your%20Personal%20Data%3F
source: Flickr

Do you know what does ALPR stand for? Widespread across the US, it actually means ''automatic license plate recognition.'' These type of video surveillance is mostly under control by the police or dedicated government agencies to track license plates, and respectively people, going from point A to point B. According to the American Civil Liberties Union (ACLU), this type of tracking is quickly turning into one of the emerging forms of mass surveillance in the US. 

In fact, what is even more striking, is that some of these cameras are connected to the web, making them easily identifiable and subject to bad practices. Many cameras lack adequate security protection and often leak sensitive information about both the vehicles and the drivers, ACLU claims.

A 2015 study by the Electronic Frontier Foundation, conducted shortly after Boston's entire ALPR network was exposed online, has found out that ALPR devices are often accessible from the internet.

Three years later, TechCrunch experimented to check the current state of the license plate tracking cameras across the country. The TechCrunch team investigated more than 150 ALPR devices from diverse manufacturers connected to the web and searchable on the internet. It turned out that nothing has significantly changed concerning improving data security and privacy. The majority of the ALPR cameras were exposed entirely or could have been easily accessible by a professional hacker. In addition to that, in many of the cameras' support documents, the default password could be found.

The TechCrunch research team made use of a search engine for exposed databases and devices called Shodan. Earlier in 2014, Darius Freamon, a security researcher was among the first scientists to discover police ALPR cameras on Shodan. Five years later, TechCrunch managed to find numerous ALPR cameras used by California police in the Shodan's cache memory. What is more, TechCrunch also managed to find two ALPR servers by MissionALPR and more than 80 separate Genetec AutoVu SharpV devices online. 

Contrary to popular belief, not only the police and the government use ALPR services. Many private entities, such as large university campuses, for instance, have been investing actively in ALPR. However, it seems that not many of them are aware of the associated security risks and data breaches.

For example, many ALPR cameras are now hardware-based, much cheaper and rely heavily on an internet-connected webcam or an affordable license plate recognition software, which is also open source and easy to download. Therefore, it means that nowadays any camera can be an ALPR camera.

As of next year, the state of California will implement a new law to forbid the sale and manufacturing of internet-connected devices if they contain a weak or default password. It would seriously increase the data protection, and it would also prevent hijacking to a great extent.

Until then, we are not secure. 

Do you agree that the law should be widely-implemented across the nation?