Estimated reading time: 1 minute, 44 seconds

Fingerprint Data Leak Highlights Biometric Cybersecurity Risks

Saturday, Aug 31 2019
Vulnerabilities
Written by  Security Tech Brief Staff
Fingerprint Data Leak Highlights Biometric Cybersecurity Risks

The recent revelation that a security flaw exposed fingerprints and facial recognition information has renewed attention on how organizations handle biometric data.

The Guardian was first to report that researchers found they were able to access the database of security company Suprema’s Biostar 2 biometric lock system. The researchers said more than 1 million sets of fingerprints, among other personal information, were publicly accessible and mostly unencrypted.

In all, Israeli security researchers Noam Rotem and Ran Locar said 27.8 million records, representing 23 gigabytes of data, were compromised. Along with fingerprints, that included images of users’ faces, unencrypted username-password combinations and other personal details. "Facial recognition and fingerprint information cannot be changed,” the researchers wrote in a blog post. “Once they are stolen, it can’t be undone.”

Following the news, the UK Information Commissioner’s Office told Bloomberg it was launching a probe into facial-recognition technology use in London’s Kings Cross district.

The exposure is hardly limited to Britain. According The Guardian, Suprema’s BioStar2 system recently announced integration with another system, AEOS, that is “used by 5,700 organisations in 83 countries, including governments, banks” and police.

The lapse has also raised concerns among cybersecurity experts. Michela Menting, research director at ABI Research, told Bloomberg that leaked biometric data could help hackers create “deepfakes,” audio and video faked to show people saying or doing things that never happened. Zak Doffman, founder of surveillance firm Digital Barriers, warned on Forbes.com that each time people give away their biometric data, the risk of it being stolen increases. “This will not be the last news item of this kind,” he wrote.

Biometrics have also lately been a topic of lawsuits. A federal appeals court has allowed a class action against Facebook over the company’s use of facial recognition technology, in a decision that attorneys say could spark more litigation, reports Business Insurance.

Suprema’s head of marketing, Andy Ahn, told The Guardian, “If there has been any definite threat on our products and/or services, we will take immediate actions and make appropriate announcements to protect our customers’ valuable businesses and assets.”

Read 2749 times
Rate this item
(0 votes)
More in this category: « How Capital One’s Data Breach Happened and What’s Next Google Found a Big iPhone Security Flaw. What Does it Mean? »

Visit other PMG Sites:
PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.
Ok Decline