Biostar 2, the biometric lock system managed by the security company Suprema, which uses fingerprints and facial recognition technology to give access to authorized buildings, had a serious security flaw that left almost 28 million records and 23 GB of biometric data exposed, including facial recognition data, passwords, security authorization information and more than 1 million fingerprints.
The flaw was discovered by cybersecurity researchers Noam Rotem and Ran Locar (of vpnmentor). They realized that the data was publicly available and that by manipulating the URL search criteria they could access all biometric records. Last month, the platform was integrated into another access system, AEOS, which is used by 5,700 organizations in 83 countries, including the United Kingdom's Metropolitan Police, banks and defense companies.
Rotem's team said it made numerous attempts to contact Suprema before bringing its findings to the press, but has not yet received an answer. Meanwhile, Suprema's chief marketing officer, Andy Ahn, said in an interview with The Guardian that the company had made an "in-depth evaluation" of the vpnmentor investigation and that it would inform customers if there was a threat.
"If there has been a definitive threat to our products and/or services, we will take immediate action and make the appropriate announcements to protect our customers' valuable businesses and assets," he said. The vulnerability has since been closed.