Uzbekistan’s National Vehicle Surveillance Network Exposed Online Without a Password
Uzbekistan's entire national vehicle surveillance system was discovered exposed online, password-free. The leak compromises millions of records, including photos, videos, and detailed travel histories, posing a major privacy and security threat.
Uzbekistan's sprawling, nationwide system for tracking vehicles and their occupants has been found exposed on the open internet without a password. Discovered by security researcher Anurag Sen, the security lapse allows anyone to access a massive database containing millions of photos, raw video footage, and the precise locations of vehicles across the country.
Inside the Nationwide Surveillance Leak
The system is operated by the Department of Public Security in Uzbekistan’s Ministry of Internal Affairs and is described as an “intelligence traffic management system” by its maker, Maxvision, a Shenzhen-based surveillance tech company. According to a report from TechCrunch, which verified the exposure, the system pulls data from at least a hundred banks of high-resolution cameras positioned in major cities like Tashkent, Jizzakh, and Qarshi, as well as on crucial transit routes near the Tajikistan border.
System artifacts show the database was first set up in September 2024, with traffic monitoring beginning in mid-2025. The exposed data is granular enough to track a single vehicle's movements for over six months between multiple cities. It captures everything from running red lights to drivers not wearing seatbelts, storing zoomed-in photos and 4K resolution video of the supposed violations.
A Recurring Global Problem
This incident is the latest in a troubling trend of exposed license plate reader (LPR) systems. Earlier this week, news outlet 404 Media reported that dozens of cameras from surveillance giant Flock were left publicly accessible. This follows previous reports from Wired and TechCrunch in recent years about hundreds of similar cameras across the United States being left unsecured online, sometimes for years.
According to TechCrunch, Uzbek authorities, including the Ministry of Internal Affairs, government representatives in the U.S., and the national computer emergency readiness team (UZCERT), did not respond to multiple requests for comment about the exposure. As of the time of writing, the surveillance system remains unsecured and accessible from the internet.
The global proliferation of turnkey surveillance solutions is creating a new class of systemic risk. Nations adopting this technology for state control are simultaneously exposing their entire populations to unforeseen threats, proving that mass data collection is often a national liability, not an asset.
This content is AI-generated based on source articles. While we strive for accuracy, errors may occur. We recommend verifying with the original source.
Related Articles
France's national postal and banking service, La Poste, suffered a major outage on Monday from a suspected DDoS attack, affecting its website, mobile apps, and online services. The event is the latest in a series of cyberattacks targeting French infrastructure.
Activist group Anna's Archive alleges it scraped 86 million songs from Spotify, totaling 300TB, with plans for a torrent release. Spotify says it has disabled the accounts involved and implemented new safeguards.
A new report from Elliptic reveals that Telegram hosts the largest online black markets in history, facilitating nearly $2 billion a month for Chinese-speaking crypto scammers. This new ecosystem dwarfs former dark-web giants like AlphaBay and Hydra.
The South Korean government has formed a multi-agency task force, including the national spy agency, to investigate a massive data breach at Coupang affecting 33.7 million users, calling it a 'major social crisis.'