Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Monday, 6 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Dissecting BioStar2’s Vulnerabilities: Biometric Databases As The New Target.

by The Gurus
November 1, 2019
in Data Protection
Dissecting BioStar2’s Vulnerabilities: Biometric Databases As The New Target.
Share on FacebookShare on Twitter

By Danielle VanZandt, Industry Analyst, Security, Frost & Sullivan

The significant breach and vulnerabilities recently discovered by vpnMentor researchers within Suprema’s BioStar 2 database are enough to scare any potential end user away from biometric security measures. With potentially over 1 million fingerprint biometrics and user passwords exposed in the breach, BioStar 2 has become the first major example of how biometric access still has its own vulnerabilities that vendors, integrators, and end users must be aware of before implementing any of these solutions within their organization.

The most egregious of BioStar 2’s vulnerabilities were its biometric database that was unprotected when connected to the internet and a lack of encryption for stored fingerprints and facial recognition bases. This allowed hackers to get into the biometric database and access stored user fingerprints and facial data, potentially add and change user profiles, and provide a convenient entry point into the end-user’s total network. Hackers were able to access passwords and log entries listing user names, profiles, biometric data, and passwords for user and administrator accounts listed in plain text—some of the most valuable data for fraudsters to obtain.

The consequences of data like this falling into the wrong hands could be catastrophic to an end user, particularly considering the breadth of BioStar 2’s customer base. Affected customers include gyms, co-working spaces, software consultancies, and consumer foods, medical, and industrial products manufacturers. It hits Suprema’s global customer base throughout North America, Europe, Asia, and the Middle East. Suprema has shown interest in expanding BioStar 2’s customer base to include government, banking, and law enforcement—verticals that will quickly shy away from any security vendor that does not have proper data security protocols in place.

Biometric data points, such as fingerprints and facial data, simply cannot be stored as full, unencrypted data points; current industry expertise emphasizes the need to have this data saved in a hashed format, preventing the biometric from being reverse-engineered by hackers. Since users cannot change their face or fingerprint, the onus falls on security vendors to ensure that processes similar to reverse hashing and database encryption pieces are top-tier to protect this valuable data from falling into the wrong hands.

While this may be one of the first data breaches to target biometric data, it most certainly will not be the last. The sheer scale of BioStar 2, unfortunately, made the system one of the first to reveal the vulnerabilities of biometric access control solutions; however, this will not stop the exponential growth and adoption rates of biometric solutions. Fingerprint and facial recognition remain the most in-demand biometrics out there for physical access solutions across various industries. This breach will not scare away potential end-user purchases; rather, it will serve to inform them of the types of security protocols a vendor must have in place before a potential end user finalizes any new system purchase. Vendors must be ready to answer end-user questions about data access, precisely how their solution stores biometric data, and what encryption protocols are in place.

End users are quickly assessing their own risk profiles and the best solutions to protect their organization. Any biometric security vendor unwilling or unable to best address an end-users’ risk concerns and data protection questions will quickly see their stature in this high-growth market diminish.

FacebookTweetLinkedIn
Share4TweetShare
Previous Post

ThreatConnect Users Can Access Near Real-Time Finished Intelligence And Technical Data From Flashpoint.

Next Post

MobileIron Named In The Second Gartner Magic Quadrant For Unified Endpoint Management Tools.

Recent News

safe

Will Emphasising App Security Lead to More App Installs?

February 6, 2023
Phone with app store open

$400,000 Fine for Stalkerware App Developer

February 6, 2023
london-skyline-canary-wharf

Ransomware attack halts London trading

February 3, 2023
Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

February 2, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information