• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
  • Our Services
  • Contact Us
  • Newsletter
  • Top Nav Social Icons

FindBiometrics

FindBiometrics

Global Identity Management

  • Biometrics
    • What are Biometrics?
    • FAQ
    • Biometric Associations
    • Companies
    • Premier Partners
  • News
    • Featured Articles
    • Interviews
    • Thought Leadership
    • Podcasts
    • Webinars
    • Year in Review
  • Applications
    • Biometric Security
    • Border Control and Airport Biometrics
    • Consumer and Residential Biometrics
    • Financial Biometrics
    • Fingerprint & Biometric Locks
    • Healthcare Biometrics
    • Justice and Law Enforcement Biometrics
    • Logical Access Control Biometrics
    • Mobile Biometrics
    • Other Biometric Applications
    • Physical Access Control Biometrics
    • Biometric Time and Attendance
  • Solutions
    • Behavioral Biometrics
    • Biometric Sensors and Detectors
    • Facial Recognition
    • Biometric Fingerprint Readers
    • Hand Readers & Finger Scanners
    • Iris Recognition
    • Biometric Middleware and Software
    • Multimodal Biometrics
    • Physiological Biometrics
    • Smart Cards
    • Vein Recognition
    • Voice and Speech Recognition
  • Stocks
  • Events
  • Companies
  • Podcasts

Security Researchers Allege Vulnerability in Popular Biometric Access Control System

August 14, 2019

Biometrics News: Security Researchers Allege Vulnerability in Popular Biometric Access Control System

Researchers with the digital security firm VPNMentor have alleged a serious security issue concerning Biostar 2, Suprema’s popular biometric access control system.

The researchers say they were able to gain access to BioStar 2 databases containing fingerprint and facial biometrics data, usernames and passwords, and the personal information of employees of companies using BioStar 2. The researchers added that much of the username and password data was unencrypted, and that the fingerprint biometric data was not hashed to prevent reverse engineering.

The researchers say they discovered the vulnerability on August 5th, and that the publicly accessible server on which the data was stored was made private on August 13th.

BioStar 2 is used by numerous major organizations around the world, including co-working organizations in the US and Indonesia, and the UK’s Metropolitan Police.

Responding to a request for comment from The Guardian, a Suprema spokesperson said the company has launched an “in-depth evaluation”, adding, “If there has been any definite threat on our products and/or services, we will take immediate actions and make appropriate announcements to protect our customers’ valuable businesses and assets.”

The FIDO Alliance, meanwhile, has taken the opportunity to once again highlight the advantages of on-device authentication, in which biometric data (and other information used for authentication) is not stored on a central server that can be breached. “All #FIDO standards dictate that #biometrics, when used, are ALWAYS stored on the device and NEVER on a central server,” the consortium posted on Twitter.

That having been said, the security vulnerability’s exposure has arrived at a time of growing enthusiasm over liveness detection, in which a given biometric authentication process also seeks to ensure that the legitimate, authorized subject is indeed present. Many biometrics, including fingerprints and especially faces, are by their nature public data, so the compromise of this kind of information does not have to present a security problem when adequate liveness detection is being used in authentication security.

Sources: The Guardian, BBC News

—

August 14, 2019 by Alex Perala

Related News

  • Suprema President Responds to Hack of Biometric DatabaseSuprema President Responds to Hack of Biometric Database
  • Suprema’s CoreStation Picks Up Another Security CertificationSuprema’s CoreStation Picks Up Another Security Certification
  • Invixium Pushes IXM TFACE for North American AudiencesInvixium Pushes IXM TFACE for North American Audiences
  • Accops Unveils New Remote Authentication Solution for the EnterpriseAccops Unveils New Remote Authentication Solution for the Enterprise
  • ID Talk at ISC West: The Importance of Interoperability in Identity and Security with Genetec’s Andrew ElvishID Talk at ISC West: The Importance of Interoperability in Identity and Security with Genetec’s Andrew Elvish
  • Suprema and BioConnect Show Off New Product Integrations at ISC WestSuprema and BioConnect Show Off New Product Integrations at ISC West

Filed Under: News Tagged With: Biometric, biometric access control, biometrics, BioStar 2, data breaches, face biometrics, facial recognition, fingerprint biometrics, fingerprint recognition, Suprema

Primary Sidebar

EXCLUSIVE MEMBERS ONLY CONTENT:

Become a FindBiometrics Member and gain easy access to specialty content, including the ID Tech column, replays of virtual events, and Identity School educational checklists:

ID TECH: What Role Will Biometrics Play in the Cyber Cold War? We’re About to Find Out [NEW]

Identity School: Facial Recognition Cheat Sheet

REPLAY: Travel & Hospitality Virtual Identity Summit

Sponsored Links

TECH5 showcase logo

TECH5 is an international technology company founded by experts from the biometrics industry, which focuses on developing disruptive biometric and digital ID solutions through the application of AI and Machine Learning technologies.

TECH5 target markets include both Government and Private sectors with products powering Civil ID, Digital ID, as well as authentication solutions that deliver identity assurance for various use cases. 

Learn more: www.tech5.ai

Onfido logo

Onfido is building the new identity standard for the internet.Our AI-based technology assesses whether a user’s government-issued ID is genuine or fraudulent, and then compares it against their facial biometrics. That’s how we give companies like Revolut, Zipcar and Bitstamp the assurance they need to onboard customers remotely and securely. Our mission is to create a more open world, where identity is the key to access.. For more information, please visit www.onfido.com

ThreatMark brings trust to the digital world by providing cutting-edge fraud prevention solutions. Major banks use ThreatMark’s AI-powered technology and behavioral biometrics to build secured banking experience to precisely verify their legitimate users, seamlessly across all digital channels. All while securing the users’ most precious assets and keeping the fraudsters away. Learn more: www.threatmark.com/

With its secunet border gears product portfolio and specialised consulting expertise, secunet supports police forces and security authorities in their sovereign tasks. Whether ABC gates, self-service kiosks or biometric middleware – each component helps to strengthen identity protection and to accelerate verification – in mobile and stationary scenarios.

Mobile ID World Logo

Mobile ID World is here to bring you the latest in mobile authentication solutions and application providers. Our company is dedicated to providing users with the best content and cutting edge information on technology, news, and mobile solutions for your mobile identity management needs.

Recent Posts

  • Web3 Gets Its First Smartphone, Featuring Biometric Authentication
  • Vivo X80 Pro Stands Out With Extra-large In-display Sensor
  • Apple Seeks to Kill Both the Password and the CAPTCHA With New Authentication Solutions
  • American Airlines Looks to Selfie Biometrics for Passenger Processing
  • VAIO Installs Fingerprint Sensors in New FE Laptops

Biometric Associations

IBIA and fido

Tweets

Footer

  • About Us
  • Company Directory
  • Advertise With Us
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • Archives
  • CCPA: Do not sell my personal info.

Follow Us

Copyright © 2022 FindBiometrics