Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Across Uzbekistan, a network of about 100 banks of high-resolution cameras placed on roads constantly scans the license plates of vehicles and their occupants, sometimes thousands a day, for potential traffic violations. Cars running red lights; Drivers not wearing seat belts; And unlicensed vehicles driving at night, for example but not limited to.
The driver of one of the system’s most closely monitored vehicles was tracked over a six-month period as he traveled between the eastern city of Chirchik, via the capital Tashkent, and in the nearby settlement of Eshunguzar, often several times a week.
We know this because the country’s sprawling license plate tracking surveillance system has been left exposed to the Internet.
Security researcher Anurag Senwho discovered the vulnerability, found the license plate monitoring system exposed online without a password, allowing anyone to access the data inside. It is not clear how long the monitoring system has been public, but artifacts from the system show that its database was created in September 2024, and traffic monitoring began in mid-2025.
This exposure offers a rare glimpse into how these national license plate surveillance systems work, what data they collect, and how they can be used to track the whereabouts of any one of millions of people across the entire country.
The break also reveals Security and privacy risks associated with mass surveillance of vehicles and their owners, as the United States builds its national suite of license plate readers, Many of them are provided by surveillance giant Flock. Earlier this week, independent news outlet 404 Media reported that Flock had left dozens of its license plate-reading cameras publicly exposed on the Internet, allowing a reporter Watch themselves being tracked in real time With Fluke camera.
Sen said he found the exposed Uzbek license plate monitoring system earlier this month, and shared details of the vulnerability with TechCrunch. Sen told TechCrunch that the system’s database reveals the real locations of the cameras, and contains millions of images and raw camera video footage of passing vehicles.
The system is operated by the Public Security Department of the Uzbek Interior Ministry in Tashkent, which did not respond to emails seeking comment about the vulnerability during December.
Uzbek government representatives in Washington, D.C., and New York also did not respond to TechCrunch’s emails about the exposure. The Uzbekistan Computer Emergency Preparedness Team, UZCERT, did not respond to any alert about the system, other than an automated response stating that our email had been received.
The monitoring system remains exposed on the web at the time of writing.
The system refers to itself as an “intelligence traffic management system” from Maxvision, a company based in Shenzhen, China, that makes internet-connected traffic technologies, border inspection systems and surveillance products. in Video on LinkedInThe company says its cameras can record “the entire illegal operation” and can “display illegal and bystander information in real time.”
according to Her bookletMaxvision exports its security and surveillance technology to countries around the world, including Burkina Faso, Kuwait, Oman, Mexico, Saudi Arabia and Uzbekistan.
A TechCrunch analysis of data inside the exposed system revealed at least a hundred cameras located in major Uzbek cities, as well as busy road intersections and other important transportation routes.
We plotted the GPS coordinates of the cameras, and found banks of license plate readers in Tashkent, the cities of Jizak and Qarshi in the south, and Namangan in the east. Some cameras are located in rural areas, such as roads near… Disputed parts of the border Between Uzbekistan and Tajikistan.
In Tashkent, the country’s largest city, cameras can be found in more than a dozen locations. Some of these cameras are even visible in Google Street View.
The cameras, some of which watermark their footage with the name of Singaporean camera maker Holowits, capture video and still images of vehicles violating the rules in 4K resolution.
The exposed system allows access to its web interface, which contains a dashboard that allows operators to examine footage of traffic violations. The dashboard contains zoomed-in photos and raw video footage of the violations, as well as surrounding vehicles. (TechCrunch redacted the vehicle’s license plates and occupants before publication.)
The revelation of Uzbekistan’s national license plate reading system is the latest example of a vulnerability involving road surveillance cameras.
Earlier this year, Wired reported That more than 150 license plate readers across the United States and the real-time vehicle data they collect have been exposed to the Internet without any security.
Convertible license plate readers are not a new phenomenon. In 2019, TechCrunch reported Over one hundred license plate readers were searchable and accessible From the Internet, allowing anyone to access the data contained within. Some had It has been exposed for yearsalthough security researchers warn law enforcement agencies that these systems can be accessed from the web.
To communicate securely with this reporter, you can contact him using Signal via the username: zackwhittaker.1337