Researchers at the digital security firm VPNMentor have reported a serious security problem related to BioStar 2, Suprema's popular biometric access control system.
The researchers say they were able to access the BioStar 2 databases, which contain fingerprint and facial biometric data, usernames and passwords, and personal information of employees at companies using BioStar 2. The researchers added that some of the username and password data was not encrypted, and that the biometric fingerprint data was not encrypted to prevent reverse engineering.
The researchers say they discovered the vulnerability on August 5 and that the publicly accessible server where the data was stored was made private on August 13.
BioStar 2 is used by numerous important organizations around the world, including co-working organizations in the US and Indonesia, and the United Kingdom's Metropolitan Police.
In response to a request for comment from The Guardian, a spokeswoman for Suprema said the company has launched an "in-depth evaluation," adding: "If there has been a definitive threat to our products and/or services, we will take immediate action and make appropriate announcements to protect our customers' valuable businesses and assets."
Meanwhile, the FIDO Alliance has taken the opportunity to once again highlight the advantages of on-device authentication, in which biometric data (and other information used for authentication) is not stored on a central server that can be breached. "All #FIDO standards dictate that #biometrics, when used, are ALWAYS stored on the device and NEVER on a central server," the consortium said in a post on Twitter.
That said, the exposure has come at a time of growing enthusiasm for liveness detection, in which a given biometric authentication process also seeks to ensure that the legitimate and authorized subject is actually present. Many kinds of biometric data, including fingerprints and especially faces, are by nature public data, so the compromise of this type of information does not have to present a security problem when proper liveness detection is used in authentication.
August 14, 2019 by Alex Perala