• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
  • Our Services
  • Contact Us
  • Newsletter
  • Top Nav Social Icons

FindBiometrics

FindBiometrics

Global Identity Management

  • Biometrics
    • What are Biometrics?
    • FAQ
    • Biometric Associations
    • Companies
    • Premier Partners
  • News
    • Featured Articles
    • Interviews
    • Thought Leadership
    • Podcasts
    • Webinars
    • Year in Review
  • Applications
    • Biometric Security
    • Border Control and Airport Biometrics
    • Consumer and Residential Biometrics
    • Financial Biometrics
    • Fingerprint & Biometric Locks
    • Healthcare Biometrics
    • Justice and Law Enforcement Biometrics
    • Logical Access Control Biometrics
    • Mobile Biometrics
    • Other Biometric Applications
    • Physical Access Control Biometrics
    • Biometric Time and Attendance
  • Solutions
    • Behavioral Biometrics
    • Biometric Sensors and Detectors
    • Facial Recognition
    • Biometric Fingerprint Readers
    • Hand Readers & Finger Scanners
    • Iris Recognition
    • Biometric Middleware and Software
    • Multimodal Biometrics
    • Physiological Biometrics
    • Smart Cards
    • Vein Recognition
    • Voice and Speech Recognition
  • Stocks
  • Events
  • Companies
  • Podcasts

Clearview AI Security Flaw Allowed Access to Cloud Repository

April 17, 2020

Embattled facial recognition startup Clearview AI is yet again the subject of scrutiny following reports that a security officer from an outside firm gained access to a cloud repository containing thousands of private files including the company’s source code.

Clearview AI Security Flaw Allowed Access to Cloud Repository

Chief security officer at SpiderSilk, a Dubai-based cybersecurity firm, Mossab Hussein discovered the repository. He said that though it was password-protected, a misconfigured server setting meant anyone registering as a new user was able to log into the system that stored the code.

Clearview uses a database of 3 billion images scraped from the internet, and markets its facial recognition technology as a service to law enforcement agencies. Following a front-page story in The New York Times in January, Clearview has been hit with a number of cease and desist orders from companies such as Google, Facebook, and Twitter, as well as lawsuits from private citizens.

As TechCrunch reports, inside its repository, Hussein discovered Clearview’s source code along with secret keys, and credentials that granted him access to the company’s storage buckets that contained copies of its completed Windows, Mac, iOS and Android apps, and some pre-release developer apps used for testing.

Hussein also found the company’s Slack tokens, which he could have used to access Clearview’s private messages and communications.

This isn’t the first security-related mishap Clearview has faced in recent months. In February, a hacker managed to steal the company’s client list, revealing that despite its assertions that it was primarily used by law-enforcement agencies in North America, in fact it had roughly 2,900 unique public and private institutions in 27 countries around the world.   

“We have set up a bug bounty program with HackerOne whereby computer security researchers can be rewarded for finding flaws in Clearview AI’s systems,” said Clearview CEO Hoan Ton-That. “SpiderSilk, a firm that was not a part of our bug bounty program, found a flaw in Clearview AI and reached out to us. This flaw did not expose any personally identifiable information, search history or biometric identifiers.”

Another major discovery made by Hussein was a storage bucket in the cloud repository containing roughly 70 thousand videos taken at face-height in the lobby of a New York apartment building. The videos are from a prototype camera set up by New York City real estate company Rudin Management in a trial program struck up with Clearview to test its Insight Camera, which Ton-That says has since been discontinued.

“As part of prototyping a security camera product we collected some raw video strictly for debugging purposes, with the permission of the building management,” said Ton-That.

Source: TechCrunch

–

April 17, 2020 – by Tony Bitzionis

Related News

  • Incode Extends Presence in Hospitality SectorIncode Extends Presence in Hospitality Sector
  • A Major BIPA Ruling, a Clearview Rival, and Another Ekemp Twist: Identity News DigestA Major BIPA Ruling, a Clearview Rival, and Another Ekemp Twist: Identity News Digest
  • Walmart, AT&T, and Other Big Names Added to Clearview Class Action LawsuitWalmart, AT&T, and Other Big Names Added to Clearview Class Action Lawsuit
  • Canadian Government Asks Court to Dismiss Privacy Lawsuit Against National Police ForceCanadian Government Asks Court to Dismiss Privacy Lawsuit Against National Police Force
  • Clearview AI Plans Commercial Face Matching ServiceClearview AI Plans Commercial Face Matching Service
  • iDenfy Provides Remote Onboarding Tech for JobHireHubiDenfy Provides Remote Onboarding Tech for JobHireHub

Filed Under: News Tagged With: Biometric, biometric authentication, biometrics, Clearview AI, cybersecurity, facial biometrics, facial recognition, lawsuits, privacy concerns, security breaches

Primary Sidebar

Identity is Shaping Air Travel – Time to Invest

Sponsored Links

facetec logo

FaceTec’s patented, industry-leading 3D Face Authentication software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ make trusted, remote identity verification finally possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for Liveness and 3D Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

TECH5 logo

TECH5 is an international technology company founded by experts from the biometrics industry, which focuses on developing disruptive biometric and digital ID solutions through the application of AI and Machine Learning technologies.

TECH5 target markets include both Government and Private sectors with products powering Civil ID, Digital ID, as well as authentication solutions that deliver identity assurance for various use cases. 

Learn more: www.tech5.ai

Mobile ID World Logo

Mobile ID World is here to bring you the latest in mobile authentication solutions and application providers. Our company is dedicated to providing users with the best content and cutting edge information on technology, news, and mobile solutions for your mobile identity management needs.

Recent Posts

  • Panera Pivots to Bakery Biometrics: Identity News Digest
  • Zighra Gets Canada’s OK, Worldcoin Launches ‘World ID’: Identity News Digest
  • Lawsuits, Passkeys, and a New VP: Identity News Digest
  • Digital Identity Tech Demo Online Event
  • Biometric Ticketing Comes to Osaka Station: Identity News Digest

Biometric Associations

IBIA and fido

Tweets

Footer

  • About Us
  • Company Directory
  • Advertise With Us
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • Archives
  • CCPA: Do not sell my personal info.

Follow Us

Copyright © 2023 FindBiometrics