Connect with us

News

Fingerprint and facial recognition data was available on a publicly accessible database

Nothing surprises me anymore.

facial recognition being shown on a person with fingerprint data
Image: Cisco

Today brought to light very concerning news regarding user security – this time in the form of fingerprint and facial recognition data.

In a report from The Guardian, the fingerprints of over 1 million people, facial recognition information, unencrypted usernames and passwords and personal information of employees was found on a publicly reachable database. The company responsible for it all is Suprema.

Suprema is a security company which created the web-based Biostar 2 bio-metrics lock system. The Biostar 2 bio-metrics lock system allows for people to gain access to buildings using their fingerprints and facial recognition.

What makes the breach even worse is that last month Suprema announced that they were integrating another access control system into their Biostar 2 platform

This new control system is called ‘AEOS’. AEOS is used by 5,700 different organizations in 83 different countries. These organizations included governments, banks, and even the UK Metropolitan police.

The breach was found by Israeli security researchers Noam Rotem and Ran Locar who were working with vpnMentor, a service that reviews virtual private network services.

While running a search last week, the researchers found that Biostar 2’s database was unprotected and unencrypted. The researchers were able to search the database by manipulating the URL search criteria in Elasticsearch to gain access to data.

To be exact, the researchers had access to over 27.8m records, and 23 gigabytes-worth of data including admin panels, dashboards, fingerprint data, facial recognition data, face photos of users, unencrypted usernames and passwords, logs of facility access, security levels and clearance, and personal details of staff.

Rotem stated, “We were able to find plain-text passwords of administrator accounts,” he further stated, “The access allows, first of all, seeing millions of users are using this system to access different locations and see in real-time which user enters which facility or which room in each facility, even.”

He also stated that they could also manipulate and edit an existing user’s account and add his own fingerprint and then be able to access whatever building that user is authorized to access.

We don’t want to bore you with the specifics so if you wish to read more you can do so here.

What do you think? Surprised by this news or is it just another day? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Murtaza is a Computer Science student who takes immense interest in mobile technology. He believes the future of computing lies in smartphones because ARM architecture will eventually take over. He also loves to tinker with ROMs and kernels keeping up with the latest in smartphones.

Comments
Advertisement

More in News