
Major breach found in biometrics system used by banks, UK police and defence firms

The fingerprints of over 1 million people, as well as facial recognition information, unencrypted usernames and passwords, and personal information of employees, were discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence contractors and banks.

Suprema is the security company responsible for the web-based Biostar 2 biometrics lock system that allows centralised control for access to secure facilities like warehouses or office buildings. Biostar 2 uses fingerprints and facial recognition as part of its means of identifying people attempting to gain access to buildings.

Last month, Suprema announced its Biostar 2 platform was integrated into another access control system – AEOS. AEOS is used by 5,700 organisations in 83 countries, including governments, banks and the UK Metropolitan police.

The Israeli security researchers Noam Rotem and Ran Locar, working with vpnmentor, a service that reviews virtual private network services, have been running a side project to scan ports looking for familiar IP blocks, and then use these blocks to find holes in companies’ systems that could potentially lead to data breaches.

In a search last week, the researchers found Biostar 2’s database was unprotected and mostly unencrypted. They were able to search the database by manipulating the URL search criteria in Elasticsearch to gain access to data.

The researchers had access to over 27.8m records, and 23 gigabytes-worth of data including admin panels, dashboards, fingerprint data, facial recognition data, face photos of users, unencrypted usernames and passwords, logs of facility access, security levels and clearance, and personal details of staff.

Many of the usernames and passwords were not encrypted, Rotem told the Guardian.

“We were able to find plain-text passwords of administrator accounts,” he said.

“The access allows first of all seeing millions of users are ...

Continue on theguardian.com