Israeli security researchers found a vulnerability behind
a major breach of biometric systems that left the data of
more than 1 million individuals 'exposed' in an openly accessible database.
The affected systems were said to have been used by
the UK Metropolitan police, defence contractors, and banks for fingerprint and
facial recognition purposes.
It all started when the researchers found that the biometric
data on 'Suprema's web-Biostar 2 platform', which controls access to secure facilities,
was unprotected and 'mostly unencrypted.'
The affected database included 27.8 million records,
totalling 23 gigabytes of data. A simple manipulation of the URL
search criteria gave access to the data and left room to make some
changes to it.
Reportedly, the researchers have been scanning for
familiar IP blocks and using them to find holes in companies'
systems that could lead to data breaches.
“We were able to find plain-text passwords of administrator
accounts. The access allows first of all seeing millions of users are using
this system to access different locations and see in real time which user
enters which facility or which room in each facility, even. We [were] able to
change data and add new users,” – Rotem and Locar, the security researchers.
Although the vulnerability has been fixed, it is still in the
news because of the disturbing size of the breach: the affected
service is currently in use in approximately
1.5 million locations around the world.