Security researchers find city-wide surveillance system for a smart city China

The concept of smart cities is very appealing. Such cities were considered nothing more than the stuff of sci-fi movies. But in reality, systems to turn a regular city into a smart one have been on the rise in many global cities all across the world. What identifies a city as a smart one are the plethora of sensors that gather data and automatically coordinate various aspects of the city’s infrastructure like waste management, management of public transportation, water supply, electricity grid management, etc. However, it could also be used as a tool of mass surveillance. That is exactly what security researchers found out when they stumbled upon a database meant for a smart city management system in China.

The database was unsecured and accessible to anyone who knew where to look. The contents of it are what concerned cybersecurity professionals and civil liberties groups. The database contained several Gigabytes of data about numerous people, including facial recognition scans, their daily commute patterns, where they went, for how long and even who they went with. This information can no doubt be used to build profiles on individuals and identify their habits.

The database was hosted on Alibaba Cloud. But the Chinese tech behemoth did not name the customer who owned and operated it.     

"This is a database created by a customer and hosted on Alibaba Cloud. Alibaba Cloud is not involved with the customer on any City Brain related project, and does not provide any AI-related technologies for the customer," said an Alibaba Cloud spokesperson. "For customers who host their database on our cloud platform, they are always advised to protect their data by setting a secure password. We have already informed the customer about this incident so they can immediately address the issue. As a public cloud provider, we do not have the right to access the content in the customer database.”