Lax security, procurement alleged behind Indian police facial recognition app breach

A biometric data breach from a police system in Telangana, India that may have exposed the facial images of an unknown number of criminal suspects and police officers has been reported.

Police information-sharing app TSCOP, which includes a facial recognition capability, and HawkEye, an app for the public to report crimes to the police with, have both been breached, according to the reports. The apps were poorly protected, including with passwords visible in plain-text within TSCOP. The Telangana police SMS service portal was also recently breached.

Worse, The News Minute reports that Telangana police have been using the national network of police databases, the Crime and Criminal Tracking Network and Systems (CCTNS), to gather data from departments all over the country. It did not implement access control measures to protect this information, the publication claims.

News Minute suggests that the police contracted the app without the appropriate checks and balances.

A Telangana police representative denied “certain related media reports that appeared in newspapers” about breached hotel visitor data from TSCOP, the Deccan Chronicle reports.

Hyderabad, Telangana paper The Siasat Daily reviewed the data for sale on a popular forum for selling breached data, where Telangana’s police data was offered for $150. It found details of criminal records and police officials, including images, along with names and contact details for 200,000 HawkEye users. Aadhaar data that the Telangana police should not have had possession of was also included, according to the report.

Police have arrested a 20-year-old student they say is responsible, the Chronicle reports.

The procurement of an upgraded multi-biometric recognition system by Telangana police was carried out in an unusually short process in March, and the push by Indian police to adopt facial recognition in other states has come with data breaches and attendant criticism.

Article Topics

biometric identification  |  biometrics  |  data protection  |  facial recognition  |  India  |  mobile app  |  police