Researchers found the data of more than one million people openly exposed in a database held by Suprema, a biometric security firm. The data includes facial recognition and fingerprint data from the UK Metropolitan Police, small local companies and governments worldwide.
To help firms manage access to their equipment, Suprema provides BioStar 2, biometric software that uses facial recognition and fingerprint technology. Nearly 6,000 organizations–including multinational companies, regulators, banks, and the UK Metropolitan Police–make use of BioStar 2.
Researchers said that earlier in August they found a highly sensitive, openly accessible Elasticsearch database holding 23 gigabytes of information, including the fingerprints of more than one million people, with biometrics gathered from multiple clients using BioStar 2.
“This is an enormous leak which threatens both the companies and organizations, as well as their staff,” said vpnMentor researchers in a Wednesday assessment. “Our group has been able to access over 1 million documents of fingerprint and facial identification. In relation to fingerprints and facial identification documents (including pictures of the customers), staff’s private information such as unencrypted usernames and passwords has also been affected. Criminal conduct and fraud are potentially enormous.”
Within the 27.8 million documents discovered unprotected in the database, researchers could easily view sensitive information such as home addresses and e-mails, staff records, security levels and more.
Researchers warned that if criminals can access this data, they could access user accounts and permissions for equipment that works with the BioStar 2 software. In addition, the fact that biometric data was stored in the clear and not hashed in this case “is seriously concerning and is inappropriate,” said Kelvin Murray, Webroot’s senior risk study officer, in an email.
“Biometrics offer more privacy than traditional qualifications; they’re a component of you and there is no resetting a fingerprint or face,” he says. “If face recognition and fingerprint data are leaked or stolen, the victim cannot undo this breach of security. What makes biometrics so efficient as a means of recognition is also its biggest weakness.”
The information was gathered mainly from the over 6,000 organizations using BioStar 2. This includes many U.S. firms such as Lits Link, Union Member House, Phoenix Medical, etc. Data gathered by the UK Metropolitan Police was also affected.
It is unclear whether third parties other than vpnMentor have accessed the data; however, the database was secured 8 days after it was discovered.
“Suprema Inc. is conscious of media accounts concerning its BioStar 2 platform and the supposed unlawful access to vpnMentor information,” a Suprema spokesperson told media. The company takes any such report very seriously. It is examining the claims in the media reports and will communicate with all relevant third parties and/or people if needed. At this point it is unable to make any further comment but, when necessary, will issue a further press release and correct any erroneous claims made to date in the accounts.
The incident heightens biometric security and privacy concerns. Biometrics such as facial recognition are already in regular use by police officers and even in the White House. And it’s not just the United States; biometrics are spreading around the world. A major biometric database was endorsed by the EU in April, combining information from law enforcement, border control and more for EU and non-EU people alike.
While facial recognition has its benefits–including quicker, more effective detection–the proliferation of biometric apps in the real world has privacy professionals concerned about deeper privacy and security issues.
“In my view, this is worse than any of the other latest mega infringements, since it can immediately relate to possible cyber-terror assaults centered on damaging information,” said Checkmarx Global Security Strategy Application Director Matt Rose in an email. “The event shines a light on organizations that need adequate diligence to safeguard and contract safety businesses, and most importantly the most delicate information of their clients.”
Nor is it the first recent security incident involving biometrics. In June, United States Customs and Border Protection stated that, in a recent breach, photographs of the faces and license plates of more than 100,000 travelers in and out of the country had been affected.
The vpnMentor researchers said one of the greatest risks for biometric security is that “facial recognition and fingerprint information cannot be altered.” “It cannot be reversed once they have been stolen,” they said. “BioStar2’s unsecured storage of this data is worrying, given its significance and the fact that it is constructed by a safety business.”
Researchers initially discovered the open database on August 5 and contacted the vendor on August 7. On August 13, however, the disclosure process was unclear and Suprema was generally not cooperative.
“Many efforts were made by our group to contact the business via email, to no avail,” the researchers said. “Eventually we chose to call the headquarters of BioStar2. Again, the business mostly did not respond.”