- Sputnik International
World
Get the latest news from around the world, live coverage, off-beat stories, features and analysis.

‘Terrifying’: Hack Shows Extent of Private Data US License-Plate Readers Collect

© Flickr / Florida TurnpikeLicense Plate Reader Program
License Plate Reader Program - Sputnik International
Subscribe
The companies that sell car license-plate readers used by US authorities to track drivers within its borders collect far more information than most would think possible ‒ and fail to adequately protect that personal data, as a recent hack shows.

These license-plate readers collect and store information including peoples' locations, zip codes and even MP3 files, presumably from individuals' computers. Invasive technologies and the "surveillance state" they reveal are a major privacy concern, technologist Chris Garaffa told Sputnik. 

​On Thursday, a hacker using the name "Boris Bullet-Dodger" contacted technology news website the Register, providing internal data belonging to Perceptics, a US company that designs "vehicle identification and license-plate recognition products to serve border control, commercial vehicle enforcement, electronic toll collection and security industries," according to its website. 

Ransomware attacks global IT systems - Sputnik International
Chinese Hacking Group Indicted in US Data Breach Affecting 78 Million - DoJ

"These license-plate readers — these are terrifying," Garaffa told Radio Sputnik's By Any Means Necessary host Sean Blackmon. "They exist when you go through a toll. If you don't have to stop, they have them on there. Cops have license-plate readers on their cars. Truck companies have these license-plate readers, and they all have to connect back to DMV [Department of Motor Vehicle] databases. So, these license-plate generator readers are constantly taking data from your car when you're going down the street or when they [law enforcement] are driving down the street and you're parked at home," Garaffa added.

​"So, what they [the unidentified hackers] found online is hundreds of thousands of files relating to zip codes, locations and even images from these license-plate readers. It's an unbelievable cache of files, and it shows exactly what these devices are tracking and keeping on us. Let's say they go and see my license-plate; they're storing that information, and they could correlate that with when they see my license-plate later on. You do that enough and you can figure out, well, Chris [for example], works here and he lives there. So, there is a lot of different things they [companies like Perceptics] can do with this. So, the issue with license-plate readers themselves is a privacy issue, but now this company has been so derelict in its responsibility to protect that data that they have left it online, open for folks to see," Garaffa continued. 

Mobile phone - Sputnik International
Rostec Launches Sales of Russia's Cryptophone Immune to Hacking, Wiretapping

According to the Register, the hundreds of gigabytes of data stored by Perceptics include XLSX (Microsoft Excel spreadsheet) files for locations and zip codes, JPG files that refer to "driver" and "scene," DOCX (Microsoft Word document) files likely related to government clients like the US Immigration and Customs Enforcement (ICE), and many other other files such as MP3 files with songs like "Superstition" by Stevie Wonder and "Wannabe" by the Spice Girls most likely downloaded from someone's laptop. It is not clear how either the license-plate readers or the hackers accessed this information. "Boris Bullet-Dodger" refused to answer any questions regarding the hacked information.

"In this case, Perceptics — their four main focuses [on their website] are electronic toll collection, highway and city security, commercial vehicle enforcement and border security. So, they are tracking cars coming through the border as well, enabling ICE to do that. So, I think the first call that they made when they figured this out was not to their customers, not to the public, but to their lawyers, and that's a typical thing," Garaffa explained.

Following the breach, Casey Self, director of marketing for Perceptics, released a statement saying that the company is "aware of the breach" and has notified its customers. 

A hooded man holds a laptop computer as blue screen with an exclamation mark is projected on him in this illustration picture taken on May 13, 2017 - Sputnik International
FBI Sting Hits N Korea Software That Secretly Links Vulnerable PCs for Hacking

"We can't comment any further because it is an ongoing legal investigation," Self added. Perceptics did not immediately respond to Sputnik's request for comment.

Perceptics, which used to be a subsidiary of government contractor Northrop Grumman, provides license-plate readers, under-vehicle cameras and driver cameras to US, Canada and Mexico to install at the borders. According to information published by the company, both its readers and cameras can correlate to individuals' "biographic" and "passport data."

"Often when we think about license-plate readers, we are thinking about the tow trucks that come around and tag your car because you haven't paid your car taxes locally. These license-plate readers are used by law enforcement for tracking people; they are used by the DHS [US Department of Homeland Security] and ICE at the border as well. License plates are just one facet of this surveillance state," Garaffa noted.

Newsfeed
0
To participate in the discussion
log in or register
loader
Chats
Заголовок открываемого материала