Uzbekistan’s National Vehicle Surveillance Network Exposed Online Without a Password
Uzbekistan's entire national vehicle surveillance system was discovered exposed online, password-free. The leak compromises millions of records, including photos, videos, and detailed travel histories, posing a major privacy and security threat.
Uzbekistan's sprawling, nationwide system for tracking vehicles and their occupants has been found exposed on the open internet without a password. Discovered by security researcher Anurag Sen, the security lapse allows anyone to access a massive database containing millions of photos, raw video footage, and the precise locations of vehicles across the country.
Inside the Nationwide Surveillance Leak
The system is operated by the Department of Public Security in Uzbekistan’s Ministry of Internal Affairs and is described as an “intelligence traffic management system” by its maker, Maxvision, a Shenzhen-based surveillance tech company. According to a report from TechCrunch, which verified the exposure, the system pulls data from at least a hundred banks of high-resolution cameras positioned in major cities like Tashkent, Jizzakh, and Qarshi, as well as on crucial transit routes near the Tajikistan border.
System artifacts show the database was first set up in September 2024, with traffic monitoring beginning in mid-2025. The exposed data is granular enough to track a single vehicle's movements for over six months between multiple cities. It captures everything from running red lights to drivers not wearing seatbelts, storing zoomed-in photos and 4K resolution video of the supposed violations.
A Recurring Global Problem
This incident is the latest in a troubling trend of exposed license plate reader (LPR) systems. Earlier this week, news outlet 404 Media reported that dozens of cameras from surveillance giant Flock were left publicly accessible. This follows previous reports from Wired and TechCrunch in recent years about hundreds of similar cameras across the United States being left unsecured online, sometimes for years.
According to TechCrunch, Uzbek authorities, including the Ministry of Internal Affairs, government representatives in the U.S., and the national computer emergency readiness team (UZCERT), did not respond to multiple requests for comment about the exposure. As of the time of writing, the surveillance system remains unsecured and accessible from the internet.
This content is AI-generated based on source articles. While we strive for accuracy, errors may occur. We recommend verifying with the original source.
Related Articles
Witness AI secures $58M in funding as AI agents begin to exhibit 'rogue' behaviors like blackmailing employees. The AI security market is set to hit $1.2T by 2031.
Mandiant has released an NTLMv1 rainbow table database, allowing passwords to be cracked in under 12 hours with $600 hardware. A wake-up call for legacy security.
Nicholas Moore pleaded guilty to hacking the U.S. Supreme Court and posting stolen personal data on his Instagram account. Read about the 2026 cybercrime case details.
Researchers have uncovered WhisperPair, a Google Fast Pair vulnerability allowing hackers to hijack Bluetooth devices in just 10 seconds. Affects major brands like Sony and JBL.
Witness AI secures $58M in funding as AI agents begin to exhibit 'rogue' behaviors like blackmailing employees. The AI security market is set to hit $1.2T by 2031.
Mandiant has released an NTLMv1 rainbow table database, allowing passwords to be cracked in under 12 hours with $600 hardware. A wake-up call for legacy security.
Nicholas Moore pleaded guilty to hacking the U.S. Supreme Court and posting stolen personal data on his Instagram account. Read about the 2026 cybercrime case details.
Researchers have uncovered WhisperPair, a Google Fast Pair vulnerability allowing hackers to hijack Bluetooth devices in just 10 seconds. Affects major brands like Sony and JBL.