“security researchers had access to over 27.8m records & 23GB of data inc admin panels, dashboards, fingerprint data, facial recognition data, face photos of users, unencrypted usernames, passwords, logs of facility access, security levels & clearance & personal details of staff”
2/. “The access allows first of all seeing millions of users are using this system to access different locations and see in real time which user enters which facility or which room in each facility, even.”

They could change user names & passwords.
3/. “This would mean that he could edit an existing user’s account and add his own fingerprint and then be able to access whatever building that user is authorised to access, or he could just add himself as a user with his photo and fingerprints.”

Crikey.
4/. the researchers said they were able to access data from co-working organisations in the US and Indonesia, a gym chain in India and Pakistan, a medicine supplier in the United Kingdom, and a car parking space developer in Finland, among others.
5/. the service is in 1.5m locations across the world and because, unlike passwords being leaked, when fingerprints are leaked, you can’t change your fingerprint.
6/. “Instead of saving a hash of the fingerprint (that can’t be reverse-engineered) they are saving people’s actual fingerprints that can be copied for malicious purposes.”

So foreign security services could have exploited that breach and we would not know.

Extraordinary
7/. Even worse.

“The researchers made multiple attempts to contact Suprema before taking the paper to the Guardian late last week. Early Wednesday morning (Australian time) the vulnerability was closed, but they still have not heard back from the security firm.”
8/. Furthermore the researchers say that such security breaches are quite common. They find three or four a week, often finding quite sensitive data.

The way organisations respond varies too.
9/. Time to chop off your fingers, girls and boys, and grow new ones for every use.

Remembering to save your old one for the purposes of changing your password etc.

“New fingers every time please!”
Subscribe to Fionna O'Leary, Rees Mogg Can Call me Sir #FBPE