No protection Misconfigured license plate readers are leaking data and video in real time Video feeds from at least 150 Motorola license plate readers accessible without a password. Matt Burgess and Dhruv Mehrotra, wired.com Jan 8, 2025 12:52 pm | 11 An automated license plate reader is seen mounted on a pole on June 13, 2024 in San Francisco, California. Credit: Getty Images | Justin Sullivan An automated license plate reader is seen mounted on a pole on June 13, 2024 in San Francisco, California. Credit: Getty Images | Justin Sullivan Story textSizeSmallStandardLargeWidth *StandardWideLinksStandardOrange* Subscribers only Learn moreIn just 20 minutes this morning, an automated license-plate-recognition (ALPR) system in Nashville, Tennessee, captured photographs and detailed information from nearly 1,000 vehicles as they passed by. Among them: eight black Jeep Wranglers, six Honda Accords, an ambulance, and a yellow Ford Fiesta with a vanity plate.This trove of real-time vehicle data, collected by one of Motorolas ALPR systems, is meant to be accessible by law enforcement. However, a flaw discovered by a security researcher has exposed live video feeds and detailed records of passing vehicles, revealing the staggering scale of surveillance enabled by this widespread technology.More than 150 Motorola ALPR cameras have exposed their video feeds and leaking data in recent months, according to security researcher Matt Brown, who first publicized the issues in a series of YouTube videos after buying an ALPR camera on eBay and reverse engineering it.As well as broadcasting live footage accessible to anyone on the Internet, the misconfigured cameras also exposed data they have collected, including photos of cars and logs of license plates. The real-time video and data feeds dont require any usernames or passwords to access.Alongside other technologists, WIRED has reviewed video feeds from several of the cameras, confirming vehicle dataincluding makes, models, and colors of carshave been accidentally exposed. Motorola confirmed the exposures, telling WIRED it was working with its customers to close the access.Over the last decade, thousands of ALPR cameras have appeared in towns and cities across the US. The cameras, which are manufactured by companies such as Motorola and Flock Safety, automatically take pictures when they detect a car passing by. The cameras and databases of collected data are frequently used by police to search for suspects. ALPR cameras can be placed along roads, on the dashboards of cop cars, and even in trucks. These cameras capture billions of photos of carsincluding occasionally bumper stickers, lawn signs, and T-shirts.Every one of them that I found exposed was in a fixed location over some roadway, Brown, who runs cybersecurity company Brown Fine Security, tells WIRED. The exposed video feeds each cover a single lane of traffic, with cars driving through the cameras view. In some streams, snow is falling. Brown found two streams for each exposed camera system, one in color and another in infrared.Broadly, when a car passes an ALPR camera, a photograph of the vehicle is taken, and the system uses machine learning to extract text from the license plate. This is stored alongside details such as where the photograph was taken, the time, as well as metadata such as the make and model of the vehicle.Brown says the camera feeds and vehicle data were likely exposed as they had not been set up on private networks, possibly by law enforcement bodies deploying them, and instead exposed to the internet without any authentication. Its been misconfigured. It shouldnt be open on the public internet, he says.WIRED tested the flaw by analyzing data streams from 37 different IP addresses apparently tied to Motorola cameras, spanning more than a dozen cities across the United States, from Omaha, Nebraska, to New York City. Within just 20 minutes, those cameras recorded the make, model, color, and license plates of nearly 4,000 vehicles. Some cars were even captured multiple timesup to three times in some casesas they passed different cameras.Jehan Wickramasuriya, corporate vice president overseeing license plate recognition products at Motorola Solutions, confirmed to WIRED that some devices were exposed and that the company plans to introduce new security measures going forward.Some customer-modified network configurations potentially exposed certain IP addresses, Wickramasuriya says in a statement. The company did not address how many systems were incorrectly configured. Wickramasuriya says if its customers use its recommended configurations, there is not a risk of cameras being exposed.We are working directly with these customers to restore their system configurations consistent with our recommendations and industry best practices, Wickramasuriya says. Our next firmware update will introduce additional security hardening.By leaving these incredibly insecure tracking devices on the open internet, police have not only breached public trust but created a bounty of location data for everyone who drives by which can be abused by stalkers and other criminals, says Cooper Quintin, senior staff technologist at the Electronic Frontier Foundation, which last year found security vulnerabilities in ALPR cameras. Police shouldn't be collecting this data at all unless there is an active investigation, and even then, the devices must be strictly scrutinized for security and public safety."Brown initially found the exposed camera data after recently buying one of Motorolas ALPR cameras on eBay, he says, and reverse engineered it to extract the devices firmware. The researcher says he found details of both the color and infrared video streams on the device he purchased and was able to access the video from the camera in his testing lab.Brown then set out to see whether any devices in the real world were publicly available online. Brown was able to use text from a 404 error page shown by the camerasincluding unique language and peculiar grammarto find IP addresses of exposed devices on the public internet. I think that is a very unique type of error page that only exists on this device, Brown says.More than 150 results appear when using publicly available internet-scanning tools. The researcher says these likely belong to a sort of hub that is connected to individual cameras, each of which have their own streaming URLs.As ALPR cameras have been deployed by law enforcement agencies, there has been little public debate on their use and the privacy implications that come with collecting and storing billions of images that include peoples location. Civil liberties campaigners have questioned how long data is stored for and the need for such widespread surveillance systems.This is part of a general pattern where governments are inclined to roll out technical systems to meet the specific goals they have without thinking about, let alone working on, the potential negative impacts that those systems have and doing the work that you need to do to minimize the negative impacts, says Daniel Kahn Gillmor, a senior staff technologist at the American Civil Liberties Union.Gillmor points to New Hampshires ALPR law as one that is reasonable. The law says records from cameras should not be recorded or transmitted anywhere and shall be purged from the system within 3 minutes of their capture.This story originally appeared on wired.com.Matt Burgess and Dhruv Mehrotra, wired.com Wired.com is your essential daily guide to what's next, delivering the most original and complete take you'll find anywhere on innovation's impact on technology, science, business and culture. 11 Comments