closeicon
World

Israeli computer experts discover major security flaw in biometric system used worldwide

Noam Rotem and Ran Locar found that millions of records, including fingerprints, photographs, names and addresses, had been left unprotected

articlemain

Israeli researchers have discovered a major security breach involving a company which provides access control for thousands of organisations in more than 80 countries – including London's Metropolitan Police.

Noam Rotem and Ran Locar, working with a company called VPNMentor, discovered that Biostar 2, a platform which uses biometric face and fingerprint controls to allow access to secure areas, had left millions of records – including the fingerprints of more than one million people, photographs, names, addresses and other personal information – open to the public.

VPNMentor said that although it had discovered the unprotected nature of the data on August 5, it had taken more than a week for Suprema, the company operating Biostar 2, to make the data private.

Mr Rotem told The Guardian the pair had been able to access “plain-text passwords of administrator accounts”, which enabled them to “see in real time which user enters which facility or which room in each facility”.

He added he also “able to change data and add new users” to allow anybody to enter the buildings the accounts they had accessed could enter.

Mr Rotem said it was "crazy" what he was able to access, telling the BBC that after finding the major breach they had difficulty informing Suprema of the problem, saying that “we started calling all of the offices one by one and had to deal with people just hanging up the phone.”

Suprema told the Guardian that “if there has been any definite threat on our products and/or services, we will take immediate actions and make appropriate announcements to protect our customers' valuable businesses and assets.”

Share via

Want more from the JC?

To continue reading, we just need a few details...

Want more from
the JC?

To continue reading, we just
need a few details...

Get the best news and views from across the Jewish world Get subscriber-only offers from our partners Subscribe to get access to our e-paper and archive