A biometrics system used by UK police, banks, and defence firms has suffered a huge data breach, exposing the fingerprints of over one million people along with facial recognition information, unencrypted passwords, and other personal information.
The biometric lock system, Biostar 2, operated by the security firm Suprema, uses facial recognition and fingerprint technology to grant authorised people access to buildings. Last month the service was integrated into AEOS, another access control system, which is used by 5,700 organisations across 83 countries.
The security flaw was discovered by Israeli researchers Ran Locar and Noam Rotem of vpnMentor, a VPN review service. In a routine network scan carried out the previous week, the pair found that the Biostar 2 database was publicly accessible and that, by manipulating the URL search criteria, they were able to access almost 23GB of data and 28 million records, including facial recognition data, fingerprints, security clearance information, and passwords.
In an interview, Rotem said the flaw meant he could modify information and add new users, which could have let him add his own fingerprint to the system and use whatever services a genuine user was allowed to use. He said that not only was the sheer scale of the breach shocking, but that the nature of the exposed data would have consequences in the future.
On a related note, EA earlier fixed flaws in its Origin service that could have allowed attackers to hijack the accounts of millions of users. The flaws were found by CyberInt and Check Point Research and, if exploited, could have enabled player account identity theft and takeover. The cybersecurity firms warned EA, which was quick to act.
The flaws took advantage of EA Games' use of authentication tokens, abandoned subdomains, and the single sign-on and TRUST mechanisms built into the user login process.