There are at least a dozen, most likely many more, Embedded Facial Recognition Systems online on the World Wide Web with a basic software flaw that allows anyone without credentials to browse the /images directory, download log files, and view enrolled images.
I was able to locate the systems on Shodan searching for - html:facial html:recognition html:embedded country:"US" - and once on the log-in pages, simply inspecting the page source revealed the path to the background image.
Navigating one directory up revealed the directory listing, and I was able to navigate to the folder "logs" and download .bmp files of faces enrolled in the system, as well as system files.
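A defender-side check for the exposure described above, as an added example that is not part of the original post: it scans a device's web access log for successful, unauthenticated directory-index and enrolled-image requests. The Common Log Format, the `/images/logs/` layout, the file extensions and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Common Log Format (assumed): host ident authuser [time] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
STATIC_ROOT = "/images/"            # directory named in the post
SENSITIVE_EXT = (".bmp", ".log")    # assumed: enrolled-face images, log files

def classify(line):
    """Return (client_ip, finding) for an exposed-content hit, else None."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "GET" or m["status"] != "200":
        return None                  # only successful reads matter here
    if m["user"] != "-":
        return None                  # request carried HTTP-auth credentials
    path = m["path"].split("?", 1)[0].lower()
    if not path.startswith(STATIC_ROOT):
        return None
    if path.endswith("/"):           # a 200 on a bare directory suggests a listing
        return m["ip"], "directory-index:" + path
    if "/logs/" in path and path.endswith(SENSITIVE_EXT):
        return m["ip"], "sensitive-file:" + path
    return None

def audit(lines):
    """Group findings by client IP, preserving request order."""
    findings = defaultdict(list)
    for line in lines:
        hit = classify(line)
        if hit:
            findings[hit[0]].append(hit[1])
    return dict(findings)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [06/May/2017:10:00:01 +0000] "GET /login.html HTTP/1.1" 200 2048',
    '192.0.2.10 - - [06/May/2017:10:00:02 +0000] "GET /images/background.jpg HTTP/1.1" 200 50211',
    '198.51.100.7 - - [06/May/2017:10:05:11 +0000] "GET /images/ HTTP/1.1" 200 1433',
    '198.51.100.7 - - [06/May/2017:10:05:19 +0000] "GET /images/logs/ HTTP/1.1" 200 9120',
    '198.51.100.7 - - [06/May/2017:10:05:30 +0000] "GET /images/logs/enroll_0001.bmp HTTP/1.1" 200 230454',
    '192.0.2.10 - - [06/May/2017:10:06:00 +0000] "GET /images/logs/ HTTP/1.1" 403 199',
    '203.0.113.5 - admin [06/May/2017:10:07:00 +0000] "GET /images/logs/sys.log HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for ip, hits in audit(SAMPLE_LOG).items():
        print(ip, hits)
```

On a device that uses form-based login rather than HTTP authentication, the authuser field is always `-`, so every successful read under the static root is reported.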
Many of the systems seem to be on dedicated IP blocks (inferred from searching Shodan for the IP's ASN, net:"xx.xx.xx.0/24"), and the owner of some systems can be gleaned from other devices on the network. These are not law enforcement systems, from what I can discern, rather access control devices at commercial and industrial sites.
It's probably none of my business but I'm one of those people who needs to know what the fuck pic.twitter.com/F453dsf67x — Kenneth Lipp (@kennethlipp) May 6, 2017
I've been able to identify the system just by searching for "embedded facial recognition" software (embedded in this case means the sensor and the analytics are combined, as opposed to the alternative of a system that conducts analysis of user-submitted probe images taken by independent cameras). It's AccuFACE by PSPSecurity, and believe it or not, PSP's website is down.
[Image: Log in screen I found through Shodan]
[Image: AccuFACE software design, with the same background graphic.]
At least a dozen, probably many more, such systems using the same software have this common flaw, so it's a good example of what's really a general exposure of this kind of surveillance technology to dilettantes like myself browsing Shodan.
With inexpert trawling of I've been able to access recorded drone footage, a Highway Patrol surveillance trailer, dialed number recorders, many automated license plate reader servers, as well as more facial recognition portals than I've been able to check for possible access.
Just from the few facial recognition servers I've tried so far, I've been able to view and download footage and its metadata.
Live right now, Highway Patrol in a Great Plains state, full pan tilt and zoom, reckon in a bit I'll be driving this around pic.twitter.com/3gS3DUe6p7 — Kenneth Lipp (@kennethlipp) April 5, 2017
But it gets much worse.
They're still looking for Hitler.




