A nationwide surveillance network in Uzbekistan, comprising approximately 100 high-resolution roadside camera banks, has been left exposed on the open internet. The system, which tracks thousands of vehicles daily to monitor traffic violations—such as running red lights, failing to wear seatbelts, or illegal nighttime driving—was discovered by security researcher Anurag Sen without any password protection.
A Gateway to Mass Tracking
The security lapse allows unrestricted access to a vast database of vehicle movements. Forensic analysis indicates the database was established in September 2024, with traffic monitoring operations commencing in mid-2025. The exposed interface provides a granular look at how national surveillance infrastructures function, revealing the real-time locations, raw video footage, and millions of photographs of vehicles and their occupants across the country.
One specific vehicle tracked through the system was monitored over a six-month period as it moved between Chirchiq, Tashkent, and the settlement of Eshonguzar, highlighting the potential for persistent surveillance of individual citizens.
Technical Infrastructure and Global Reach
The system is identified as an “intelligence traffic management system” developed by Maxvision, a company based in Shenzhen, China, specializing in internet-connected surveillance and border inspection technologies. According to company documentation, Maxvision exports these tools to various nations, including Saudi Arabia, Kuwait, Oman, Mexico, and Burkina Faso.
Data analysis confirms that the cameras are strategically placed at major junctions, transit routes, and even rural areas near the border between Uzbekistan and Tajikistan. In the capital, Tashkent, dozens of these cameras—some manufactured by Singapore-based Holowits—are currently operational, with some locations even visible on public mapping services.
Privacy Risks and Institutional Silence
The exposed dashboard enables operators to view 4K-resolution footage and zoomed-in captures of vehicles and drivers. Despite the severity of the breach, the Department of Public Security within Uzbekistan’s Ministry of Internal Affairs has failed to respond to multiple inquiries regarding the incident. Similarly, the country’s computer emergency readiness team (UZCERT) provided only an automated acknowledgment of receipt, and the system remains exposed to the web at the time of reporting.
A Global Pattern of Insecurity
This incident is part of a broader trend of critical infrastructure exposure. Earlier this week, reports emerged that surveillance giant Flock left dozens of its AI-powered cameras exposed to the internet. Furthermore, Wired previously reported that over 150 license plate readers in the United States were similarly left unprotected, mirroring a 2019 discovery where hundreds of global readers were found to be publicly searchable.
