A number of large-scale information disclosure incidents in recent years have caused network users to use secure passwords that are no longer secure. But if the more secure fingerprint data is exposed, the consequences are even more serious. Unfortunately, this is what happens on the Suprema Biostar 2 fingerprint lock. It is reported that researchers have discovered a security vulnerability in Suprema’s Biostar 2 biometrics lock systems that allows them to access more than one million authentication data.
According to The Guardian, the data includes fingerprint/face recognition data, unencrypted usernames and passwords, and even employee personal information. The Suprema Biometrics Certification System has many corporate and public agency clients – including the UK Metropolitan Police, defense contractors, and banks – and even harm multinationals in the US, Pakistan, Finland, and Indonesia.
Israeli researchers Noam Rotem, Ran Locar and vpnmentor found a security vulnerability in Suprema and gained access to the Biostar 2 database. The most shocking thing is that after gaining access, security researchers found that the database lacked the protection it deserved, and most of the data was in an unencrypted storage state, making it easy to access a total of more than 27.8 million (over 23GB data) records.
In addition to sensitive information, security researchers can easily monitor the actual usage of stored biometric data. For example, to see in real-time which user enters any facility through a specific security gate, and even view the password of the administrator account. In addition, researchers can edit someone’s account and add their own fingerprints. So in theory, an attacker can break through all the places that need to be authorized to enter.