smart cities are a very hot topic these days as we have seen reports of facial detection and state surveillance in China as wellspring as other asian countries and Ecuador. Recently we have also seen intelligence about an Alibaba-owned project called city brain that has advanced video and processing ability for facial detection, real-time information statistics and feeds, crime and traffic offenders, and much more. Whether you call such systems “advanced intelligence” because they learn from the data they ingest, or whether you call them “city visual intelligence engine” or just “government surveillance,” they generally collect and stock a tremendous amount of personal information. But no matter how smarting of a system it is, the humans responsible for managing it make errors, and city brain has slipped up. city Brain exposed its have data via elastic lookup engine instances that were left open without any authentication, leaving all the data from its processing open for anybody to view. uncovering and Notification I discovered their most recent surety failure on january 13. It involved 56GB of data across 22 indices that appeared to live a mix of test and production naming. Within the indices were links to a cloud system for City mentality vendors. part of the links and indices revealed which city data was from. Luzhou and Hangzhou are both well-known cities involved with the city Brain program. As a result, attribution and impinging information for City Brain were actually fairly easy to determine in this leak, and I quickly discovered that the head of the city Brain lab team could live reached via LinkedIn. Within a few hours of reaching out to them to alert them, I received a answer thanking me and apprisal me that they would look into it. “Thanks a lot for letting me. let me get a look. Thanks. – Xian-Sheng” Within a few hours, the system was offline. Not Their First Leak This is not the first time city mentality data hold leaked. Researcher toilet Wethington discovered a very similar set of data that was reported in May, 2019. in that case, the researcher appeared to experience had difficulty getting them to acknowledge the leak after it had been fixed. Maybe that incident has changed how they respond to security alerts from researchers, or maybe I just got lucky this time to acquire a quick and effective response. one thing that is clear, however, is that as well as tracking cars, faces, people, and mobile devices, governments are also using CCTV to running simple objects like bicycles. Governments and vendors need to focus on the overall security of the data generated by these systems so that they do not descend into the wrong hands and roll up misused or exploited. As more and more cities go “smart cities,” the risk of misuse grows exponentially, and the need for better data security becomes critical. Reporting by Lee J, with editing by Dissent.