Technology
Major security flaw exposes fingerprints of more than 1 million people
Exposed passwords are bad enough. But fingerprint and facial recognition data? That’s terrifying.
Suprema’s Biostar 2 biometric security system came under scrutiny after vpnMentor and two researchers — Noam Rotem and Ran Locar — uncovered a major flaw that exposed the biometric data of more than 1 million people, according to The Guardian.
Biostar 2 is a security platform that, in part, utilizes facial recognition and fingerprints to control access to buildings and other secure facilities. Making the potential breach even worse: Biostar 2 was recently integrated into Nedap’s AEOS security platform, which is used for security by thousands of companies and organizations in more than 80 countries.
The researchers said not only was the database unencrypted, but was accessed by tweaking URL search criteria in Elasticsearch, a search and analytics engine. And it contained a lot of data.
The Guardian reported that the researchers “had access to over 27.8m records, and 23 gigabytes-worth of data including admin panels, dashboards, fingerprint data, facial recognition data, face photos of users, unencrypted usernames and passwords, logs of facility access, security levels and clearance, and personal details of staff.”
According to vpnMentor, the exposed data was discovered on Aug. 5, 2019. Two days later, they notified Biostar 2 of the issue and by Aug. 13, the database was private. It’s not known how long all of that information was accessible and if anyone, particularly bad actors, had gained access to the database.
What’s more, vpnMentor reports that Biostar’s office was “generally very uncooperative.”
Among the U.S.-based businesses the researchers were able to access data for: co-working space Union and medical supply company Phoenix Medical. But The Guardian notes that organizations that are part of AEOS include “governments, banks and the UK Metropolitan police.”
We’ve reached out to Suprema for additional comment but, for now, you can continue to rest, uh, uneasily knowing that your data will never be fully secure.
Why women behaving badly are dominating our screens
‘Spellbound’ review: Netflix’s animated adventure finds its magic right at the end
2024 Black Friday ads: Greatest deals from Target, Greatest Buy, Walmart, Kohls, and more
Greatest Amazon Black Friday deals: Early savings on Fire TVs, robot vacuums, and MacBooks
A24 is selling chocolate now. But what would their films actually taste like?
New teen video-viewing guidelines: What you should know
‘Wicked’ review: Ariana Grande and Cynthia Erivo aspire to movie musical magic
How to watch ‘Smile 2’ at home: When is it streaming?
Black Friday 2024: The greatest early deals in Australia – live now
‘Dune: Prophecy’ review: The Bene Gesserit shine in this sci-fi showstopper
‘Here’ review: Robert Zemeckis, Tom Hanks, and Robin Wright reunite
The 34 greatest Australian horror films (and where to watch them)
Menendez brothers case reignites online: The questions that keep resurfacing
How to watch the 2024-2025 NBA season without cable: The greatest streaming deals
Election 2024: The truth about voting machine security
Halloween 2024: Weekend debates, obscure memes, and a legacy of racism
‘Only Murders in the Building’ Season 4 ending explained: Who killed Sazz and why?
‘Dragon Age: The Veilguard’ review: BioWare made a good game again
‘Wallace and Gromit: Vengeance Most Fowl’ review: A delightful romp with an anti-AI streak
Review: I tested the new GoPro Hero 13 Black by land and sea
Why women behaving badly are dominating our screens
‘Spellbound’ review: Netflix’s animated adventure finds its magic right at the end
2024 Black Friday ads: Greatest deals from Target, Greatest Buy, Walmart, Kohls, and more
Greatest Amazon Black Friday deals: Early savings on Fire TVs, robot vacuums, and MacBooks
A24 is selling chocolate now. But what would their films actually taste like?
New teen video-viewing guidelines: What you should know
‘Wicked’ review: Ariana Grande and Cynthia Erivo aspire to movie musical magic
How to watch ‘Smile 2’ at home: When is it streaming?
Black Friday 2024: The greatest early deals in Australia – live now
‘Dune: Prophecy’ review: The Bene Gesserit shine in this sci-fi showstopper
-
Entertainment6 days agoEarth’s mini moon could be a chunk of the big moon, scientists say
-
Entertainment6 days agoThe space station is leaking. Why it hasn’t imperiled the mission.
-
Entertainment5 days ago‘Dune: Prophecy’ review: The Bene Gesserit shine in this sci-fi showstopper
-
Entertainment5 days agoBlack Friday 2024: The greatest early deals in Australia – live now
-
Entertainment4 days agoHow to watch ‘Smile 2’ at home: When is it streaming?
-
Entertainment3 days ago‘Wicked’ review: Ariana Grande and Cynthia Erivo aspire to movie musical magic
-
Entertainment2 days agoA24 is selling chocolate now. But what would their films actually taste like?
-
Entertainment3 days agoNew teen video-viewing guidelines: What you should know
