Biometrics Hack Puts Millions at Risk
Date: 2019-08-30
Author: Anders Adolfsson, Technical Consultant
Perhaps our Paul Foley said it best in his “Biometrics and 2FA” blog in May: “One set of fingerprints. One set of retinas. That’s all we have.” If compromised, these bits of data cannot simply be exchanged for something else.
That very issue is currently haunting Suprema’s customers and their users, particularly those whose fingerprints were accessed. Suprema, the security company for Biostar 2, a web-based biometrics lock system that centrally stores and uses fingerprints and facial recognition biometrics that workers then use to access facilities such as office buildings and warehouses. It seems this sensitive data stored by Suprema could be accessed by nearly anyone with a little hacking savvy. That means that private data for more than 1 million people was potentially compromised, giving open access to their facial recognition information, fingerprints, passwords and usernames, as well as other personal information.
Suprema is used by a variety of high-level organizations – both public and private – across the UK and beyond, including defense contractors, financial institutions and even police. When Suprema announced they’d integrated Biostar 2 with the AEOS access control system, some diligent Israeli hackers-for-good noticed they could access the Biostar 2 database easily, and that much of the information was not encrypted.
Their break into the system allowed them access to nearly 30 million records. If someone with mal intent had found the security flaw, they could have used the fingerprints to gain access to sensitive locations storing highly classified data
The hackers, who published a paper on their discoveries on vpnMentor, noted they could access data from the US, Indonesia, India, Pakistan, Finland and the UK.
vSEC:CMS
Our product suite provides all the software tools to administrate and manage credentials in a secure and convenient way.
Free Product Trial
Versasec provides enabling IT security products centered on the usage of security devices such as smart cards. Our solutions enable customers to securely authenticate, issue and manage user credentials more cost effectively. Get a free product trial.
Job Openings
We are always looking for new exceptional persons to join our team! Find out more about our job openings.
Versasec Support
Versasec customers with an existing support and maintenance contract can access the Versasec Support Portal, offering extensive professional support and maintenance services. The Versasec Support Portal offers a variety of services, allowing for customers and any site visitor to communicate directly with support engineers.
Company Blog
Our blog addresses the latest security trends and stories. The posts discuss how identity and access management are playing a larger role in keeping corporate data safe as well as brand reputations intact.