Uzbekistan’s National Vehicle Surveillance Network Exposed Online Without a Password

Uzbekistan's sprawling, nationwide system for tracking vehicles and their occupants has been found exposed on the open internet without a password. Discovered by security researcher Anurag Sen, the security lapse allows anyone to access a massive database containing millions of photos, raw video footage, and the precise locations of vehicles across the country.

Inside the Nationwide Surveillance Leak

The system is operated by the Department of Public Security in Uzbekistan’s Ministry of Internal Affairs and is described as an “intelligence traffic management system” by its maker, Maxvision, a Shenzhen-based surveillance tech company. According to a report from TechCrunch, which verified the exposure, the system pulls data from at least a hundred banks of high-resolution cameras positioned in major cities like Tashkent, Jizzakh, and Qarshi, as well as on crucial transit routes near the Tajikistan border.

System artifacts show the database was first set up in September 2024, with traffic monitoring beginning in mid-2025. The exposed data is granular enough to track a single vehicle's movements for over six months between multiple cities. It captures everything from running red lights to drivers not wearing seatbelts, storing zoomed-in photos and 4K resolution video of the supposed violations.

A Recurring Global Problem

This incident is the latest in a troubling trend of exposed license plate reader (LPR) systems. Earlier this week, news outlet 404 Media reported that dozens of cameras from surveillance giant Flock were left publicly accessible. This follows previous reports from Wired and TechCrunch in recent years about hundreds of similar cameras across the United States being left unsecured online, sometimes for years.

According to TechCrunch, Uzbek authorities, including the Ministry of Internal Affairs, government representatives in the U.S., and the national computer emergency readiness team (UZCERT), did not respond to multiple requests for comment about the exposure. As of the time of writing, the surveillance system remains unsecured and accessible from the internet.