While having your passwords exposed is one thing but not to get your facial recognition and fingerprint data stolen is downright terrifying.
The latest company to have surfaced on the threat of having their data of fingerprints stolen of its users is the Suprema and its Biostar 2; the biometric security system. Two researchers by the name Ran Locar and Noam Rotem discovered the major flaw in the company’s security system which has exposed the data of nearly 1 million of its users.
Biostar 2 is the security platform which makes use of the user’s fingerprints and facial recognition to allow them access to secure places such as buildings which makes this potential breach of data even more threatening. The AEOS security platform is being used by nearly thousands of different companies as well as the organizations in nearly 80 countries across the world for security purposes.
According to the aforementioned researchers, the database was not only unencrypted but was also easily accessible by simply tweaking the ULR criteria is a search and analytics engine named ElasticSearch.
The Guardian reported this news from researchers that “ these researchers gained access to over 27,8 records which is 23 GBs worth of data that includes information like dashboards, fingerprints, admin panels, facial recognition, unencrypted usernames, passwords, face pictures of users, logs for access to facility, security levels and their clearances along with personal detail of the entire staff.”
The researchers notified about this exposed data to Suprema and they were able to make the data private on August 13th. As for the fact that how long this data had been exposed for or how many have gained access to it; still remains unclear and unknown.
In addition to Suprema, researchers were also able to gain access to the data of the US-based businesses such as Union and Phoenix Medical. The Guardian also mentioned that many organizations that use the AEOS are the UK Metropolitan Police and the Government Banks.