,
9 tweets,
2 min read
Read on Twitter
“security researchers had access to over 27.8m records & 23gb of data inc admin panels, dashboards, fingerprint data, facial recognition data, face photos of users, unencrypted usernames, passwords, logs of facility access, security levels& clearance & personal details of staff”
2/. The access allows first of all seeing millions of users are using this system to access different locations and see in real time which user enters which facility or which room in each facility, even.”
They could change user names & passwords.
They could change user names & passwords.
3/. “This would mean that he could edit an existing user’s account and add his own fingerprint and then be able to access whatever building that user is authorised to access, or he could just add himself as a user with his photo and fingerprints.”
Crikey.
Crikey.
4/. the researchers said they were able to access data from co-working organisations in the US and Indonesia, a gym chain in India and Pakistan, a medicine supplier in the United Kingdom, and a car parking space developer in Finland, among others.
5/. the service is in 1.5m locations across the world and because, unlike passwords being leaked, when fingerprints are leaked, you can’t change your fingerprint.
6/. ““Instead of saving a hash of the fingerprint (that can’t be reverse-engineered) they are saving people’s actual fingerprints that can be copied for malicious purposes,”
So foreign security services could have exploited that breach and we would not know.
Extraordinary
So foreign security services could have exploited that breach and we would not know.
Extraordinary
7/. Even worse.
“The researchers made multiple attempts to contact Suprema before taking the paper to the Guardian late last week. Early Wednesday morning (Australian time) the vulnerability was closed, but they still have not heard back from the security firm.”
“The researchers made multiple attempts to contact Suprema before taking the paper to the Guardian late last week. Early Wednesday morning (Australian time) the vulnerability was closed, but they still have not heard back from the security firm.”
8/. Furthermore the researchers say that such security breaches are quite common. They find three or four a week, often finding quite sensitive data.
The way organisations respond varies too.
The way organisations respond varies too.
9/. Time to chop off you fingers, girls and boys and grow new ones for every use.
Remembering to save your old one for the purposes of changing your password etc.
“New fingers every time please!”
Remembering to save your old one for the purposes of changing your password etc.
“New fingers every time please!”
