Latest in Gear

Image credit: John Lund via Getty Images

Server screw-up exposes Clearview’s facial recognition AI software

A data repository exposed the company's apps, security keys and files.
Steve Dent, @stevetdent
April 17, 2020
847 Shares
Share
Tweet
Share

Sponsored Links

Facial recognition used on pedestrians on a New York Street.
John Lund via Getty Images

Clearview AI is widely seen as a privacy nightmare by the public and is even looked down on privacy-challenged tech giants like Google. Now, the company has shown that it can’t even take care of its own data, according to a report from TechCrunch. It managed to expose its source code to anyone with an internet connection due to a server misconfiguration, a flaw spotted by a security researcher at the Dubai-based firm SpiderSilk.

The repository held app source code that’s used to compile apps. The company also stored its Windows, Mac, iOS and Android apps on the server, including pre-release developer apps used for testing, according to SpiderSilk research chief Mossab Hussein. It also exposed Clearview’s Slack tokens which would let anyone access the company’s internal messages without a password.

The leak also revealed Clearview’s prototype “Insight” camera that has since been discontinued. As TechCrunch showed in a video, SpiderSilk reportedly found 70,000 videos in one storage bucket that were taken from an Insight camera installed in a residential building in Manhattan. The company said it “collected some raw video strictly for debugging purposes, with the permission of the building management.”

Clearview’s facial recognition AI that can identify a person using data from Facebook, Instagram and other public-facing internet services. It obtains this data by “scraping” billions of photos from social media sites and elsewhere. The company markets its service to law-enforcement agencies and other businesses, which can use it to identify a person simply by uploading their photo. Clearview was breached earlier when a list of businesses using its services was leaked.

Clearview CEO Hoan Ton-That has defended the company’s practices, saying that it should be allowed to store any publicly-available information, just as Google and others do. However, the company has shown that it not only exposes the public to privacy violations, it can’t even protect its own data.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
847 Shares
Share
Tweet
Share

Popular on Engadget

PlayStation is the latest to join the Facebook ad boycott

PlayStation is the latest to join the Facebook ad boycott

View
100 million people watch YouTube on TVs each month

100 million people watch YouTube on TVs each month

View
'NBA 2K21' comes with a next-gen upgrade... if you spend $100

'NBA 2K21' comes with a next-gen upgrade... if you spend $100

View
Samsung is selling a wireless charger that also sterilizes your phone

Samsung is selling a wireless charger that also sterilizes your phone

View
Will gallium nitride electronics change the world?

Will gallium nitride electronics change the world?

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr