A company operating a facial recognition system in China has exposed millions of residents’ personal information online.
Shenzen-based SenseNets is an artificial intelligence company that uses a network of tracking cameras to spot people and log their movements in its database. Unfortunately, the company exposed that information publicly online allowing anyone to access the information in plain text, it emerged this week.
Dutch cybersecurity researcher Victor Gevers found the vulnerable database online and tweeted about it.
There is this company in China named SenseNets. They make artificial intelligence-based security software systems for face recognition, crowd analysis, and personal verification. And their business IP and millions of records of people tracking data is fully accessible to anyone. pic.twitter.com/Zaf6w5502i— Victor Gevers (@0xDUDE) February 13, 2019
The database housed records on over 2.5m people, including their gender, nationality, address, date of birth, photo, and employer. A lot of this was linked to their ID card number, which was also revealed in the database records. China maintains a compulsory national identity card system for residents.
SenseNet maintained a collection of trackers which logged whomever it identified in the database. This created over 6.6m logged entries in a single 24-hour window, Gevers revealed.
In another tweet, Gevers showed what appeared to be an abandoned location in Keriya, in southern China, with a tracking device installed:
In the process of tracking down each tracker, we even stumbled upon abandon locations (according to Google maps). If there is anyone living or working in Keriya who can confirm this location? We also would like to a photo of the device. pic.twitter.com/3PMnbvDpho— Victor Gevers (@0xDUDE) February 14, 2019
Since Gevers went public with the breach online, the company has blocked access to the public database, he tweeted, adding that it may only have been blocked to requests from outside China.
SenseNet’s website has displayed a default empty web server page for months, but in 2017 it explained in Chinese that:
Face recognition is performed on real-time video captured by HD cameras, which compares black and white lists, confirms identity, and implements alarm, tracking, and disposal functions.
Facial recognition is big business in China. Chinese citizens can now check in and clear security using facial recognition at Shanghai Hongqiao International Airport, and the Beijing subway has announced facial recognition plans to help streamline passenger flow, sparking privacy fears.
However, facial recognition technology in China also has its darker, more authoritarian side. Government agencies including its Ministry of Public Security are building a facial recognition system, nicknamed Skynet, that would eventually cover China’s entire population of well over a billion people. It will achieve 100% coverage in “key public areas” next year, according to official government documents.
Chinese police are already using augmented reality glasses to scan and recognise faces, enabling them to quickly identify and apprehend suspects. Schools are planning to use facial recognition to ensure that children attend class and check that they’re paying attention.
Perhaps most unsettling of all: China has also introduced facial recognition technology that tracks people’s movements and predicts how likely they are to commit a crime – Minority Report-style.