Sign up for The Paypers newsletter Follow The Paypers on LinkedIn Follow The Paypers on Twitter Follow The Paypers on Facebook
The Paypers, paypers, Insight in payments, News, Reports, Events
 advertisement
Digital Identity, Security & Online Fraud

Biometrics system used by banks discovered on publicly accessible database

Wednesday 14 August 2019 | 10:40 AM CET

Fingerprints, facial recognition and other personal information from Biostar 2, a biometrics system used by banks, UK police and defence companies has been discovered on publicly accessible database.

The exposed database contained the fingerprints of over 1 million people, as well as facial recognition information, unencrypted usernames and passwords, and personal information of employees. The web-based Biostar 2 biometrics lock system allows centralised control for access to secure facilities like warehouses or office buildings. Biostar 2 uses fingerprints and facial recognition as part of its means of identifying people attempting to gain access to buildings.

In July 2019, Suprema, the company responsible for Biostar 2, announced its platform was integrated into another access control system – AEOS. AEOS is used by 5,700 organisations in 83 countries, including governments, banks and the UK Metropolitan Police.

While conducting some projects on private network services, two Israeli security researchers from vpnmentor found Biostar 2’s database was unprotected and mostly unencrypted.

The researchers had access to over 27.8 million records, and 23 gigabytes-worth of data including admin panels, dashboards, fingerprint data, facial recognition data, face photos of users, unencrypted usernames and passwords, logs of facility access, security levels and clearance, and personal details of staff, according to The Guardian.

The researchers made multiple attempts to contact Suprema before taking the paper to the Guardian. Suprema’s head of marketing told the Guardian the company had taken an ‘in-depth evaluation’ of the information provided by vpnmentor and would inform customers if there was a threat.

More: Link
 advertisement
 advertisement
 advertisement
 advertisement