Security researcher discovered Uzbekistan's nationwide license plate tracking system publicly accessible without authentication, exposing millions of vehicle photos and GPS camera locations.
Key Points ~100 license plate reader cameras across major Uzbek cities left exposed without password protection System contains millions of photos, 4K video footage, and GPS coordinates of camera locations dating back to September 2024 Database reveals real-time tracking capability: one vehicle tracked 6+ months across multiple cities with weekly movements Maxvision (Shenzhen-based vendor) surveillance tech exported to 6+ countries; similar exposure patterns emerging globally (Flock cameras in US also recently exposed) Why It Matters This demonstrates critical infrastructure security failures in mass surveillance deployments worldwide. For security researchers and sysadmins, it exposes how national-scale ALPR systems lack basic authentication controls, while highlighting the broader risk of vendor-supplied surveillance tech with identical vulnerabilities across multiple countries. The pattern—Flock cameras exposed in US, now Uzbekistan's system—suggests systemic architectural flaws in commercial surveillance platforms. Full technical analysis on TechCrunchSource: techcrunch.com