Major breach found in biometrics system used by banks, UK police and defence firms
The fingerprints of over 1 million people, as well as facial recognition information, unencrypted usernames and passwords, and personal information of employees, was discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence contractors and banks.
Suprema is the security company responsible for the web-based Biostar 2 biometrics lock system that allows centralised control for access to secure facilities like warehouses or office buildings. Biostar 2 uses fingerprints and facial recognition as part of its means of identifying people attempting to gain access to buildings.
Recently Biostar 2 platform was integrated into another access control system – AEOS, that is used by 5,700 organisations in 83 countries, including governments, banks and the UK Metropolitan police. In a search last week, the researchers found Biostar 2’s database was unprotected and mostly unencrypted.