Biometric Breach Exposes Fingerprints, Facial Data And Personal Info

August 24, 2019

Written by wukovits

Do you employ a biometric security solution at your company to control building access?

If your solution employs BioStar 2 technology (which is often integrated into third-party systems such as Nedap’s AEOS access control system), you have cause for concern. Recently, researchers from vpnMentor announced that they uncovered a massive database.

It is about 23 gigabytes in size and houses 27.8 million records including fingerprints and facial recognition images. These are mostly un-encrypted and publicly available.  In addition to the above, the exposed data also included employee names, usernames and passwords.

Worse, using the information contained in the database, the researchers who made the discovery were able to trace the precise movement of individual employees throughout physical facilities. That along with their security clearance levels and their home and email addresses. This kind of exposure is catastrophic.  It allows hackers an unprecedented view into the inner workings of any exposed company, and it renders the security infrastructure of any building using BioStar 2’s technology completely useless.

Worst of all, Suprema, the company that makes BioStar 2, has been unusually uncooperative and unresponsive about the matter.  They fixed the issue with the exposed database eight days after it was reported by vpnMentor.

A few days after that, made a terse formal reply, which reads, in part, as follows:

“Suprema is aware of the reports in the press regarding its BioStar 2 platform and the alleged unauthorized access to data involving vpnMentor.  The Company takes any report of this nature very seriously.  It is investigating the allegations in the press reports and will liaise with any appropriate third parties and/or individuals as necessary.”

If your firm utilizes any security solution built around BioStar 2, at a minimum, you should immediately change your password and the passwords associated with all of your employees.

Used with permission from Article Aggregator

Related Articles

Some Amazon Device Features May Have Security Risks

Have you heard of Amazon Sidewalk? If not, it's definitely something you should be aware of. Depending on your point of view, the new feature, which was enabled by default on a wide range of Amazon devices by default on June 8 of this year (2021) is either...

Email Unsubscribe Scam Can Easily Fool Any User

Scammers are increasingly relying on a tried and true bit of social engineering to fool unsuspecting users into unwittingly signing up to receive a flood of additional spam email. They accomplish this by blasting out an email asking recipients if they wish to...

Update VMWare Software Immediately To Avoid Possible Attack

The US Cybersecurity and Infrastructure Security Agency recently issued a warning to all companies running VMware Vcenter Server and VMware Cloud Foundation. They are asking them to download and apply the latest security patches as soon as possible because attackers...

Send us a message

Your message was sent.

Thank you for contacting Bayou Technologies. We'll be in touch soon!

Need help? support-icon