Chinese company leaves Muslim-tracking facial recognition database exposed online
February 14, 2019One of the facial recognition databases that the Chinese government is using to track the Uyghur Muslim population in the Xinjiang region has been left open on the internet for months, a Dutch security researcher told ZDNet.
Gevers told ZDNet that the database contained information on 2,565724 users, along with a stream of GPS coordinates that came in at a rapid pace.
The user data wasn’t just benign usernames, but highly detailed and highly sensitive information that someone would usually find on an ID card, Gevers said. The researcher saw user profiles with information such as names, ID card numbers, ID card issue date, ID card expiration date, sex, nationality, home addresses, dates of birth, photos, and employer.
For each user, there was also a list of GPS coordinates, locations where that user had been seen.
The database also contained a list of “trackers” and associated GPS coordinates. Based on the company’s website, these trackers appear to be the locations of public cameras from where video had been captured and was being analyzed.
Some of the descriptive names associated with the “trackers” contained terms such as “mosque,” “hotel,” “police station,” “internet cafe,” “restaurant,” and other places where public cameras would normally be found.
Gevers told ZDNet that these coordinates were all located in China’s Xinjiang province, the home of China’s Uyghur Muslim minority population.
The database that Gevers found wasn’t just some dead servers with old data. The researcher said that during the past 24 hours a stream of nearly 6.7 million GPS coordinates were recorded, meaning the database was actively tracking Uyghur Muslims as they moved around.