Data leak at Chinese manufacturer reveals information on surveillance devices

A Chinese manufacturer has inadvertently disclosed the data of surveillance devices. An unsecured database, which was freely accessible on the internet, contained 3 billion data records with details of surveillance systems from Chinese manufacturer Raysharp.


Raysharp (Zhuhai Raysharp Tech) is a Chinese company that was founded in 2007 and specializes in the production of professional security video surveillance solutions (cameras, recorders, etc.). While searching for data leaks, security researchers from Cybernews came across an unsecured database of the company that was accessible via the Internet. The database contained the analysis data of Raysharp's surveillance devices and comprised three billion data records.

  • The Cybernews research team came across the open Elasticsearch server, which stored logs and proprietary data collected from Raysharp devices worldwide.
  • The log files viewed as part of the data leak covered a period of three months, from November 2, 2023 to February 1, 2024. The total number of records was 3,148,830,160.

The exposed logs contained sensitive data types, including the following data points:

  • device_uuid: This is likely to be a unique device identifier. Malicious actors can use it to track and identify specific devices, and disclosing the device ID along with other information can compromise the privacy and security of users and organizations.
  • mobile_token: Mobile tokens are used for authentication and authorization purposes in mobile applications. Exposed mobile tokens can be exploited for unauthorized access to user accounts or sensitive information.
  • Token_uuid: This is likely to be a unique identifier associated with authentication tokens. Disclosure of this data could help to gain unauthorized access.
  • appid: The unique identifier for the application itself. While less sensitive, it could be used to target specific applications or services.
  • Device name: This could reveal information about the user or organization using the device and could be used for targeted attacks or profiling.
  • APNS and push_channel: The researchers also discovered data indicating that the systems were configured to use the Apple Push Notification Service (APNS). This is the channel for sending push notifications to iPhones and other iOS devices.
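
One way to keep the fields listed above out of a central log store, shown as an added example that is not code from Cybernews or Raysharp: credentials are redacted and device identifiers are replaced by a keyed hash before a record is shipped. Only the field names come from the list; the record layout, sample values and key are constructed.

```python
import hashlib
import hmac
import json

# Field names come from the list above; the record layout is constructed.
SECRET_FIELDS = {"mobile_token", "token_uuid"}      # credentials: never store
PSEUDONYM_FIELDS = {"device_uuid", "device_name"}   # identifiers: keep joinable

def normalise(key):
    """Map spellings such as 'Token_uuid' or 'Device name' to one form."""
    return key.strip().lower().replace(" ", "_")

def pseudonym(value, key):
    """Keyed hash: stable per device, not reversible without the key."""
    mac = hmac.new(key, str(value).encode("utf-8"), hashlib.sha256)
    return "pseu:" + mac.hexdigest()[:16]

def scrub(record, key):
    """Return a scrubbed copy of a (possibly nested) log record."""
    if isinstance(record, dict):
        out = {}
        for name, value in record.items():
            field = normalise(name)
            if field in SECRET_FIELDS:
                out[name] = "[REDACTED]"
            elif field in PSEUDONYM_FIELDS and isinstance(value, str):
                out[name] = pseudonym(value, key)
            else:
                out[name] = scrub(value, key)
        return out
    if isinstance(record, list):
        return [scrub(item, key) for item in record]
    return record

# Placeholder key; in practice load it from a secret store, not source code.
KEY = b"placeholder-pseudonymisation-key"

# Constructed sample record, not taken from the exposed data.
SAMPLE = {
    "appid": "com.example.viewer",
    "device_uuid": "constructed-device-0001",
    "Device name": "Front door",
    "push": {"push_channel": "APNS", "mobile_token": "constructed-token",
             "Token_uuid": "constructed-token-id"},
}

if __name__ == "__main__":
    print(json.dumps(scrub(SAMPLE, KEY), indent=2))
```

Because the hash is keyed, log entries for the same device can still be correlated during debugging, while the stored value is of no use to someone who reads the log store without the key.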

The exposed logs may have originated from product development. Cybernews contacted Zhuhai Raysharp Tech in China to obtain further information, but the manufacturer has not responded. However, the National Computer Network Emergency Response Technical Team/Coordination Center of China, also known as CNCERT/CC, told Cybernews that it has received a response from the company. Raysharp confirmed the use of Elasticsearch to manage logs.

"Elasticsearch is an open source log service system, where port 9500 is only used for log queries during product development. Under normal circumstances, it is not necessary to use it. Only if there is an anomaly in the product, it is necessary to query the product log via port 9500 to localize the problem. Currently, the service on port 9500 is temporarily suspended. Once this vulnerability has been fixed, it can be reopened," says the Raysharp commentary.

Cybernews researchers warn users of Raysharp products of an increased risk of data breaches. They should take extra precautions to protect their privacy and security, such as changing passwords and resetting authentication tokens, not exposing monitoring devices directly to the Internet, using encrypted protocols, monitoring accounts for suspicious activity, and practicing good cybersecurity hygiene, starting with enabling multi-factor authentication. Details on this incident can be found in this Cybernews article.

