In both department stores and office buildings, fingerprints and facial recognition can be used to identify people who have gained access to them. One of the systems that handle biometric data is Biostar 2, which is owned by the company Suprema. The web-based system is used, for example, by the London police, banks and defense actors.
Last week, two Israeli security researchers, Noam Rotem and Ran Locar, discovered that Biostar 2's database was unprotected and largely unencrypted. This is what the British Guardian writes. Fingerprints, facial recognition information and other sensitive data - about over a million people - were thus open to the public.
- We found unencrypted passwords for administrator accounts, says Noam Rotem to The Guardian, and thinks they could also change data and add new users.
A longer post about the deficiencies has been published on the Vpnmentor service.From Sri Lanka to Finland
The researchers should have tried to contact Suprema, without getting an answer. On Wednesday, however, the shortage was corrected, a little more than a week after the researchers warned Suprema about the leak.
Suprema's marketing manager Andy Ahn tells The Guardian that the company has launched an "in-depth evaluation" and that, if it detects that there has been any threat, will inform the customers affected.
The researchers believe that the lack of database is alarming as the service is found in 1.5 million locations around the world. They claim to have access to data from, among other things, a gym chain in India and Sri Lanka and a parking company in Finland."Very common"
At the same time, the researchers believe that the problem is not unique to Suprema.
- It's very common. There are millions of open systems, and going through them is a very complicated process, "Noam Rotem told The Guardian, saying some of these systems are quite sensitive.
SVT Nyheter awaits a response from the Swedish Agency for Social Protection and preparedness about whether Swedish actors have been affected by the leak.