A huge database of highly sensitive data, including around one million fingerprints, was left unprotected and unencrypted on the network for an extended period of time.
As the Israeli security researchers Noam Rotem and Ran Lokar from the VPN comparison portal vpnMentor reported, the data comes from the platform “Biostar 2” of the Korean security company Suprema, which claims to be Europe’s market leader in biometric access control systems. The security leak was first reported by the British “Guardian” and the Israeli portal “Calcalist”.
“Biostar 2” works with fingerprints or facial scans. It is a web-based platform for smart door locks with which companies can organize access control for their offices or warehouses themselves. According to the “Guardian”, the system is used by the British police as well as by several companies from the arms industry and banks.
Among the customers from Germany, the researchers had access to data of the company identification base, which deals with technology for printing ID and access cards.
“The leak is huge,” said the two security researchers. “It endangers not only affected businesses and organizations, but also the employees.” The vulnerability meant that one could gain complete control over the accounts in the system, Rotem told the portal “Calcalist”.
The researchers had access to more than 27.8 million records and 23 gigabytes of data, including fingerprint and facial recognition data, face images of users, unencrypted user names and passwords, logs of access to the facilities, security and clearance information, and personal data of the staff. They could also have created and manipulated records in the company accounts.
“A malicious agent could use the leak to hack secure facilities and to manipulate the security protocols for criminal activities.”
The researchers were horrified that the complete set of biometric data is usually stored unencrypted in the system. “Instead of saving a hash of the fingerprint that cannot be reverse engineered, they are saving people’s actual fingerprints, which can be copied for malicious purposes,” the researchers told the “Guardian”.
Rotem and Lokar were surprised at how poorly some of Suprema’s customers had secured their accounts: “Many of the accounts contained ridiculously simple passwords like ‘password’ and ‘abcd1234’.”
The head of marketing at Suprema, Andy Ahn, told the “Guardian” that the company had made a “thorough assessment” of the information provided by vpnMentor. Customers would be notified in the event of a threat. vpnMentor said that the security hole had been closed on Tuesday, a week after the leak was discovered.
Reuters