TN police’s Facial Recognition Software portal breached
CHENNAI: Tamil Nadu Police’s Facial Recognition Software (FRS) portal used by the police to identify and track crime suspects, missing persons through facial recognition among others was breached by a hacker on Friday night.
The portal was launched in October 2021and has more than 60 lakh records of individuals including pictures, names, FIR numbers and also contains details of police officers. The hacker who identified as Valerie posted a sample face recognition report query by a police constable with Basin Bridge Police station in Chennai and the results showing the top 20 matches.
The FRS portal is designed and developed by CDAC (Centre for Development of Advanced Computing)Kolkata.
The use of facial recognition software by law enforcement agencies has been condemned by data privacy activists who have continuously warned of the possibility of misuse.
The breach was highlighted in social media site, X by Falconfeeds.io pointing out that data samples from the police FRS portal have been published on the dark web and are for sale.
Responding to the breach, Tamil Nadu Police said that the FRS application is hosted in the server at TNSDC (State data centre) (ELCOT)
“The FRS application is used for capturing the images of wanted persons, missing persons and unidentified dead bodies from the
CCTNS database. Presently, The FRS is being used by 46,112 users across the State. The latest security audit was carried out by TNeGA on March 13,” an official statement from the office of DGP Shankar Jiwal stated.
On Preliminary enquiry, it is learnt that the password has been compromised in admin account. The admin account has limited rights like creation of id for users, queries search and the details of front end can only be viewed, the official statement added.
Police have communicated about the breach to ELCOT (Electronics Corporation of Tamil Nadu), TNeGA, CDAC-Kolkata for necessary action.
“As a preventive measure, the Admin account has been deactivated. The unauthorized user can view only the front end data (creation of id for users, queries search) and hence the unauthorized user could not have provision to access the backend data & main server data,” according to the Tamil Nadu police. A complaint has also been lodged with Chennai Police’s cyber crime wing.
The FRS application is used for capturing the images of wanted persons, missing persons and unidentified dead bodies from the CCTNS database. Presently, The FRS is being used by 46,112 users across the State. The latest security audit was carried out by TNeGA on March 13 —DGP Shankar Jiwal