License plate readers stream real-time video feeds and vehicle data

In just 20 minutes this morning, an Automated License Plate Recognition (ALPR) system in Nashville, Tennessee captured photos and detailed information from nearly 1,000 vehicles as they drove by. Among them: eight black Jeep Wranglers, six Honda Accords, an ambulance and a yellow Ford Fiesta with a dressing table.

This wealth of real-time vehicle data collected by one of Motorola’s ALPR systems is intended to be available to law enforcement. However, a flaw discovered by a security researcher exposed live video feeds and detailed recordings of passing vehicles, revealing the staggering scale of surveillance enabled by this widespread technology.

More than 150 Motorola ALPR cameras have had their video feeds and data leaked in recent months, according to security researcher Matt Brown, who first published the issues in a series of videos on YouTube after buying an ALPR camera from eBay and reverse engineering it.

In addition to broadcasting live footage available to anyone on the Internet, the misconfigured cameras also exposed data they collected, including photos of cars and license plate logs. Live video and data feeds do not require any usernames or passwords to access.

okay other technologistsWIRED reviewed video feeds from several of the cameras, confirming that vehicle data — including car makes, models and colors — was accidentally exposed. Motorola confirmed the exposures, telling WIRED that it is working with its customers to close the access.

Over the past decade, thousands of ALPR cameras have popped up in cities and towns across the US. The cameras, which are made by companies like Motorola and Flock Safety, automatically take pictures when they detect a passing car. Cameras and databases of collected data are often used by police to track down suspects. ALPR cameras can be placed on roads, on the dashboards of police cars and even in trucks. These cameras record billions of car photos – including the occasional bumper sticker, lawn sign and t-shirt.

“Every single one of them that I found exposed was in a fixed location over some road,” Brown, who runs the cybersecurity company Brown Fine Security, told WIRED. Each of the exposed video feeds covers one lane of traffic, with cars moving through the camera view. It is snowing in some streams. Brown found two streams for each exposed camera system, one color and one infrared.

Generally, when a car passes an ALPR camera, a picture of the car is taken and the system uses machine learning to extract text from the license plate. This is stored along with details such as where the photo was taken, the time, as well as metadata such as the make and model of the vehicle.

Brown says the camera feeds and vehicle data were likely exposed because they weren’t set up on private networks, possibly by the law enforcement agencies that deployed them, but instead were exposed on the Internet without any authentication. “It was misconfigured. It should not be open on the public internet,” he says.

WIRED tested the leak by analyzing data streams from 37 different IP addresses apparently connected to Motorola’s cameras, spanning more than a dozen cities in the United States, from Omaha, Nebraska, to New York. In just 20 minutes, these cameras recorded the make, model, color and license plates of nearly 4,000 vehicles. Some cars were even filmed multiple times – up to three times in some cases – as they passed through different cameras.