CATEGORIES
home News

Massive Suprema Biostar 2 Security Flaw Leaks Biometric Data On 1 Million Users

by Brandon HillWednesday, August 14, 2019, 11:00 AM EDT

Unfortunately, we have another security breach to report on today, and this one involves biometric data on over million people that improperly secured. The system in question is the Suprema Biostar 2 platform, which is used to secure commercial and government building around the globe.

Vpnmentor security researchers Noam Rotem and Ran Locar discovered the exploit, which made fingerprint/facial recognition data along with unhashed passwords and usernames available through a publicly accessible database. In total, nearly 28 million records were accessible, weighing in at 23 gigabytes.

facial data

“We were able to find plain-text passwords of administrator accounts,” Rotem explained. “Millions of users are using this system to access different locations and see in real time which user enters which facility or which room in each facility, even.”

Even more concerning is that fact that Rotem adds, “We [were] able to change data and add new users." In practice, the researchers could have added their own fingerprint data to the database or change existing fingerprint or facial information in any record. So, in theory, you'd be able to add your photo and fingerprint to the database, and have access to secure facilities with this exploit.

Considering that the Biostar 2 platform, which is now linked with the complementary AEOS security system that is used in 83 counties around the world, the implications of this security breach could have been far reaching. It doesn't take a rocket scientist to realize that unauthorized parties entering secure areas of commercial and government builds represents an even greater, physical security threat beyond the primary cybersecurity threat.

Suprema was initially unresponsive once the Vpnmentor team approached it with the findings. While Suprema never responded to the researchers directly, the security holes were closed this morning. However, a spokesman for Suprema did tell The Guardian that it would alert its customers if any of their data was compromised by a malicious party. At this point, it is unknown if unscrupulous hackers were able to pilfer through the security hole before Rotem and Locar made their discovery.

Tags:  security, biometric-security, suprema, biostar 2
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment