FindBiometrics


Clearview AI Security Flaw Allowed Access to Cloud Repository

April 17, 2020

Embattled facial recognition startup Clearview AI is yet again the subject of scrutiny following reports that a security officer from an outside firm gained access to a cloud repository containing thousands of private files including the company’s source code.

Mossab Hussein, chief security officer at SpiderSilk, a Dubai-based cybersecurity firm, discovered the repository. He said that although it was password-protected, a misconfigured server setting meant that anyone registering as a new user was able to log into the system that stored the code.

Clearview uses a database of 3 billion images scraped from the internet, and markets its facial recognition technology as a service to law enforcement agencies. Following a front-page story in The New York Times in January, Clearview has been hit with a number of cease and desist orders from companies such as Google, Facebook, and Twitter, as well as lawsuits from private citizens.

As TechCrunch reports, inside the repository Hussein discovered Clearview’s source code along with secret keys and credentials that granted him access to the company’s storage buckets, which contained copies of its completed Windows, Mac, iOS and Android apps, as well as some pre-release developer apps used for testing.

Hussein also found the company’s Slack tokens, which he could have used to access Clearview’s private messages and communications.

This isn’t the first security-related mishap Clearview has faced in recent months. In February, a hacker managed to steal the company’s client list, revealing that, despite its assertions that it was primarily used by law-enforcement agencies in North America, the company in fact counted roughly 2,900 unique public and private institutions in 27 countries around the world among its clients.

“We have set up a bug bounty program with HackerOne whereby computer security researchers can be rewarded for finding flaws in Clearview AI’s systems,” said Clearview CEO Hoan Ton-That. “SpiderSilk, a firm that was not a part of our bug bounty program, found a flaw in Clearview AI and reached out to us. This flaw did not expose any personally identifiable information, search history or biometric identifiers.”

Another major discovery made by Hussein was a storage bucket in the cloud repository containing roughly 70 thousand videos taken at face-height in the lobby of a New York apartment building. The videos are from a prototype camera set up by New York City real estate company Rudin Management in a trial program struck up with Clearview to test its Insight Camera, which Ton-That says has since been discontinued.

“As part of prototyping a security camera product we collected some raw video strictly for debugging purposes, with the permission of the building management,” said Ton-That.

Source: TechCrunch

April 17, 2020 – by Tony Bitzionis
