Israeli researchers have discovered a major security breach involving a company which provides access control for thousands of organisations in more than 80 countries – including London's Metropolitan Police.
Noam Rotem and Ran Locar, working with a company called VPNMentor, discovered that Biostar 2, a platform which uses biometric face and fingerprint controls to allow access to secure areas, had left millions of records – including the fingerprints of more than one million people, photographs, names, addresses and other personal information – open to the public.
VPNMentor said that although it had discovered on August 5 that the data was unprotected, it had taken more than a week for Suprema, the company operating Biostar 2, to make the data private.
Mr Rotem told The Guardian the pair had been able to access “plain-text passwords of administrator accounts”, which enabled them to “see in real time which user enters which facility or which room in each facility”.