'Smart cities are designed to make life easier for their residents:
better traffic management by clearing routes, making sure the public
transport is running on time and having cameras keeping a watchful eye
from above. But what happens when that data leaks? One such database
was open for weeks for anyone to look inside. Security researcher John
Wethington found a smart city database accessible from a web browser
without a password. He passed details of the database to TechCrunch in
an effort to get the data secured.
The database was an Elasticsearch database, storing gigabytes of data
-- including facial recognition scans on hundreds of people over
several months. The data was hosted by Chinese tech giant Alibaba. The
customer, which Alibaba did not name, tapped into the tech giant's
artificial intelligence-powered cloud platform, known as City Brain.
"This is a database project created by a customer and hosted on the
Alibaba Cloud platform," said an Alibaba spokesperson. "Customers are
always advised to protect their data by setting a secure password."
"We have already informed the customer about this incident so they can
immediately address the issue. As a public cloud provider, we do not
have the right to access the content in the customer database," the
spokesperson added. The database was pulled offline shortly after
TechCrunch reached out to Alibaba. But while Alibaba may not have
visibility into the system, we did.'
-- source: https://yro.slashdot.org/story/19/05/04/0235239
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174