A biometric database used by more than 5700 companies worldwide was discovered online, unprotected, by a cybersecurity research team. Because the database was accessible to anyone, unencrypted passwords, facial recognition data and more than one million fingerprints could be viewed and modified.
The system in question, named BioStar 2, belongs to the security company Suprema. Used in particular by banks and the police in the United Kingdom, it restricts building access to authorized persons.
Researcher Noam Rotem, of the vpnMentor website, explained to The Guardian that the flaw allowed him to modify existing biometric data or add new data. For example, he could have registered as a user for one of Suprema’s client companies or replaced an authorized person’s fingerprint with his own.
The vpnMentor site confirmed to Radio-Canada that at least one Canadian company, the technical services firm NexGen Technologies, appeared in the database. More organizations could have been affected, but the research team did not record all of the information presented.
Noam Rotem says he repeatedly tried to notify Suprema of his discovery, without success. That’s why he decided to make the information public. The researcher argues that this leak could have serious consequences because, unlike a password, biometric data cannot be changed.
The security firm then confirmed to The Guardian that the flaw was resolved Wednesday and that it would inform its customers if its information was compromised.
Aaron Clinkerton has been writing and editing at Fuse News for over two years, where he has covered everything from E3 to self-driving cars to rocket launches, and everything in between. He previously spent time at Gadgets 360, Mashable and Tech Radar, earning a master’s degree in communications from the University of Michigan along the way. When not working on his next piece, you might find Aaron traveling the world in search of the weird and wonderful. Failing that, he’ll probably be napping.