Loginhood Post | Biometrics Breach

Biometrics Breach

What Happened: Two Israeli researchers, Noam Rotem and Ran Locar, revealed that Biostar 2, a biometrics lock system managed by security company Suprema, had a major data breach. The breach allowed public access to 28 million records and 23GB of data, including fingerprints, facial recognition data, passwords, and security clearance information.


Reason for Concern: Fingerprints, facial recognition data, encrypted usernames and passwords, and other valuable information belonging to employees of banks, defense contractors, and even the UK Metropolitan Police were exposed, making this breach incredibly dangerous. Speaking to The Guardian, Rotem explained why having this information public and not encrypted, especially fingerprints, can be so dangerous.

A few examples include:

  • Ability to change and add new users and users' data.
  • Edit or manipulate an existing user's data and add their own fingerprint or picture.
  • After editing an existing user, this person then has all of the access of that original user.
  • They can make an entirely new account and give themselves security clearance and access to any data.


Takeaway: This breach is super alarming because a breach at a biometric security company is drastically different from any other company having data stolen. People can change passwords, enable ad blockers, and take steps to secure their privacy on the internet, but you can't change your fingerprint. The collection, copying, and potential sale of your fingerprint can only be a bad thing. As bio-collection becomes the norm, like unlocking your phone with FaceID or your thumbprint, take extreme caution when giving this info to companies.