A security researcher recently uncovered a significant vulnerability in Motorola’s automated license plate readers (ALPRs). These devices, deployed by cities and police departments across the United States, were found to be streaming video and car data to the unsecured internet, making them accessible to anyone. The cameras, including Motorola’s Reaper HD models, were misconfigured to broadcast their footage publicly rather than remain on private networks. This flaw allows individuals to access real-time streams of color and infrared video, including sensitive data like license plate numbers, without any form of authentication.
Matt Brown, the researcher behind the discovery, initially demonstrated that accessing these streams was possible if someone was connected to the same network. However, he later identified that many cameras were broadcasting their data directly to the open internet. Brown purchased a Reaper HD ALPR on eBay to conduct further tests, which showed that these devices were transmitting not only video footage but also data, including car license plates, without any encryption or access control, making them easily exploitable by anyone with the right tools.
The issue has since been confirmed by other privacy advocates, including Will Freeman, who runs an open-source map of ALPRs in the United States. Freeman developed a script that collects data from unencrypted ALPR streams, allowing users to track the movements of vehicles. His script collects detailed information about a vehicle’s make, model, color, and license plate, along with timestamps, providing a comprehensive tracking system. As of now, over 170 unencrypted ALPR streams have been discovered, highlighting the widespread nature of this issue.
In response to the security concerns, Motorola has acknowledged the vulnerability and assured that they are working on a firmware update to address the problem. While the company claims that the security issues are largely due to customer-modified configurations, this incident raises significant privacy concerns about the use of ALPRs and the potential for misuse. Privacy advocates, including Freeman, argue that the unchecked proliferation of these surveillance tools represents a major threat to privacy, especially given that they are often used by law enforcement agencies. Despite the efforts to secure the devices, experts warn that such vulnerabilities could persist, with the devices being inherently vulnerable to exploitation if not properly secured.
