Technology
Major security flaw exposes fingerprints of more than 1 million people
Exposed passwords are bad enough. But fingerprint and facial recognition data? That’s terrifying.
Suprema’s Biostar 2 biometric security system came under scrutiny after vpnMentor and two researchers — Noam Rotem and Ran Locar — uncovered a major flaw that exposed the biometric data of more than 1 million people, according to The Guardian.
Biostar 2 is a security platform that, in part, utilizes facial recognition and fingerprints to control access to buildings and other secure facilities. Making the potential breach even worse: Biostar 2 was recently integrated into Nedap’s AEOS security platform, which is used for security by thousands of companies and organizations in more than 80 countries.
The researchers said not only was the database unencrypted, but was accessed by tweaking URL search criteria in Elasticsearch, a search and analytics engine. And it contained a lot of data.
The Guardian reported that the researchers “had access to over 27.8m records, and 23 gigabytes-worth of data including admin panels, dashboards, fingerprint data, facial recognition data, face photos of users, unencrypted usernames and passwords, logs of facility access, security levels and clearance, and personal details of staff.”
According to vpnMentor, the exposed data was discovered on Aug. 5, 2019. Two days later, they notified Biostar 2 of the issue and by Aug. 13, the database was private. It’s not known how long all of that information was accessible and if anyone, particularly bad actors, had gained access to the database.
What’s more, vpnMentor reports that Biostar’s office was “generally very uncooperative.”
Among the U.S.-based businesses the researchers were able to access data for: co-working space Union and medical supply company Phoenix Medical. But The Guardian notes that organizations that are part of AEOS include “governments, banks and the UK Metropolitan police.”
We’ve reached out to Suprema for additional comment but, for now, you can continue to rest, uh, uneasily knowing that your data will never be fully secure.
Intel has already received $2.2B in federal grants for chip production
How to quit social media: This Gen Z-er has a plan
DeepSeek exposed internal database containing chat histories and sensitive data
How to watch ‘Babygirl’ at home: Streaming release date
Meta says end of fact-checking hasn’t impacted ad spend
A psychologist’s advice on how to limit social media’s harmful effects on kids
ChatGPT’s mobile users are 85% male, report says
NASA’s Webb telescope threatened with budget cuts. They would hit hard.
DeepSeek: Everything you need to know about the AI chatbot app
‘Jimpa’ review: Does Sundance’s buzzed-about queer family drama live up to the hype?
CES 2025 highlights: 12 new gadgets you can buy already
‘American Primeval’ review: Can Netflix’s grimy Western mini-series greatest ‘Yellowstone’?
Eight ways Mark Zuckerberg changed Meta ahead of Trump’s inauguration
Tesla launched the new Model Y in China. Here’s what you need to know
Meta ditches fact-checking for community notes ahead of second Trump term
Space calendar 2025: Here are the moments you won’t want to miss
How to donate to LA fire victims, and avoid falling for scams
CES 2025: Hands on with the airy Asus Zenbook A14
‘Night Call’ review: A bad day on the job makes for a superb action movie
Webb telescope just solved the ‘universe-breaking problem’
Intel has already received $2.2B in federal grants for chip production
How to quit social media: This Gen Z-er has a plan
DeepSeek exposed internal database containing chat histories and sensitive data
How to watch ‘Babygirl’ at home: Streaming release date
Meta says end of fact-checking hasn’t impacted ad spend
A psychologist’s advice on how to limit social media’s harmful effects on kids
ChatGPT’s mobile users are 85% male, report says
NASA’s Webb telescope threatened with budget cuts. They would hit hard.
DeepSeek: Everything you need to know about the AI chatbot app
‘Jimpa’ review: Does Sundance’s buzzed-about queer family drama live up to the hype?
-
Entertainment6 days ago‘Presence’s Steven Soderbergh and David Koepp on ghosts, horror, and hating winks
-
Entertainment7 days agoWhat are immigration red cards? How the internet is rallying behind undocumented workers
-
Entertainment6 days ago‘Pee-wee as Himself’ review: Paul Reubens’ documentary is a must-see for ‘Playhouse’ fans
-
Entertainment6 days agoTikTok ban: Influencers brace for an uncertain future
-
Entertainment5 days agoFilms by Black creators to watch on Netflix
-
Entertainment3 days ago‘Dimension 20’s ‘Gauntlet at the Garden’ was a euphoric experience for ‘Dungeons and Dragons’ fans everywhere
-
Entertainment6 days agoHow to stop doomscrolling with apps you already have
-
Entertainment3 days ago‘If I Had Legs, I’d Kick You’ review: Rose Byrne stuns in nauseating thrill ride about motherhood
