Skip to main content

Finding and Investigating License Plate Readers, Part 2


Yesterday we found license plate readers and want to learn more about them. At the end of the last post we had three IP addresses from a search of Shodan for “AutoVu” in the html field. AutoVu is the proprietary line of Genetec under which it sells a variety of automatic license plate recognition hardware and software.

Two of those IP address gave response pages with LPRaaS in the title, for “License Plate Reader as as Service.” and one titled Login - AutoVu Occupancy Study, all on the Microsoft Azure cloud. The latter and one of the former IPs are in Boydton, Virginia, according to Shodan, and one, 23.101.179.17, is in Dallas. 

Before digging more into these hosts I wanted to try some more searches on Shodan -- I went to a police magazine website’s product index and made a list from the ALPR page.

I didn’t need it yet; searching Shodan for html:”lpr” and html:”alpr” was plenty -- it produced dozens of leads. This post is the first lead to pan out (I eliminated several hosts that were false positives or ALPR company websites).

5 IP addresses in the results were all in San Jose, California, according to the Shodan maps. 

I scanned all 5 IPs with Nmap -- I make this a routine practice, that is, to use penetration-testing/network tools in a sort of clumsy way, to extract every little bit of information I can.

The scan wasn’t really necessary, as I was able to visit all of the hosts directly by clicking on the IPs -- and when I did so on HTTPS ports, I was first directed to a warning page, telling me that the certificate was not from site:[IP address], but rather *.leapportal.us. If you enter that address into your browser, you are sent to

And upon clicking on any of the links, you're directed to log in.




This particular varmint appears to belong to Forensic Logic. According to its website, it is Better Policing through Better Data.™ 

“Forensic Logic’s LEAP Network is a search engine and information network that is tying together America’s law enforcement and homeland security.”

Note in the WARNING says the website contains "criminal records and related data governed by the FBI's Criminal Justice Information System Security Policy."

The site we discovered does not appear to deal with any live data -- however, it does include, among open source data (like “Many business listings, so if a robbery occurs next to the 'Apple Store' on that map, a search for 'robbery at Apple Store' will find it Building addresses”), “Very large data sets - 330,000 License Plate Readings over 2 months. When zoomed in, it shows the individual license plates.” This is given as two hypertext link options - images from both are below.




Four IP addresses send you to the same (or an identical) index page; the 5th has only a header image for an Ubuntu “lpr test server.”


I owe some of you, as promised, a check for your plate number, and this server itself definitely warrants more investigation. We've still got our Nmap scans and much more to check out.

I added a subscribe by email widget to my site, stick with me, we have fun every day around here.

UPDATE: It's possible the ALPR is from a public source, we'll take a quick look back at this in the next post.

Comments

  1. Hi! It's Forensic Logic!

    Thanks for your article about our open source mapping project that you can download here:
    https://github.com/forensiclogic/mapserver_osm_gis_analytics

    Indeed all that LPR data is public. You can see the script to load your own LPR data into your own copy of our geospatial analysis software using the script here: https://github.com/forensiclogic/mapserver_osm_gis_analytics/blob/master/bin/load_lpr_test_data

    Agencies can load their own private data sets into their own copy of the software if they like; and our sales team will be happy to help them do so.

    ReplyDelete
  2. This comment has been removed by the author.

    ReplyDelete
  3. Here is another good analysis of this Oakland LPR public data:

    https://www.eff.org/deeplinks/2015/01/what-we-learned-oakland-raw-alpr-data

    ReplyDelete

Post a Comment