Monday, September 23, 2019

A new data breach has exposed millions of fingerprints and facial recognition data: Report





It's been a while, but now a major breach of a biometric database has actually taken place – facial recognition data, fingerprints, log data and personal information have been found in a "publicly accessible database".

A report published on vpnMentor by security researchers Noam Rotem and Ran Locar concerns Suprema, a company that describes itself as a "global force in biometric, security and identification solutions," with an assortment of products that "includes biometric access control systems, time and attendance solutions, live fingerprint scanners, mobile authentication solutions and built-in fingerprint modules."

The news of the breach was first published by the Guardian, a UK newspaper, which highlighted the use of the Suprema solution by the British Metropolitan Police, defense contractors and banks. However, the breach is international, with Suprema's biometric identity SDK BioStar 2 integrated into an AEOS access control system that is "used by 5,700 organizations in 83 countries, including governments, banks and police."

Rotem and Locar discovered the breach by scanning ports across "known IP blocks," then following up on the results to look for publicly accessible datasets, in other words breaches.

The big prize for such research is either sensitive data or large companies. In this case the two were combined: nearly 28 million records, totalling more than 23 gigabytes of data – records that include "fingerprint data, facial recognition information, user face photos, unencrypted usernames and passwords, facility access records, security and approval levels, and personal information of staff."

Most of the information is unencrypted, including (most alarmingly of all) usernames and passwords. "We were able to find the plain text passwords of the administration accounts," Rotem told the Guardian. "Access primarily allows millions of users using this system to access different locations and see in real time which user enters which object or room in each object." The researchers even "could change the data and add new users."

The really serious implications here are twofold. First, the manipulation of secure access control systems – editing accounts, changing records, removing or adding entries, even changing user data. And, second, an even bigger problem: access to real biometric data that (obviously) cannot be changed. Losing a username and password is one thing; having fingerprints (which cannot be changed) stolen is quite another.

According to the researchers, "instead of storing a fingerprint hash (which cannot be reversed), they are storing people's actual fingerprints, which can be copied for malicious purposes."

The researchers told the Guardian they made "multiple attempts" to contact Suprema before making their findings public. The vulnerability has since been closed, and a spokesman for Suprema told the Guardian that the company had launched a "detailed" evaluation of the report. "If there is any threat to our products and/or services, we will take immediate action and make appropriate announcements to protect the valuable businesses and assets of our customers."

