Huge database found leaking biometric, personal info of millions - Help Net Security

While working on a web-mapping project, vpnMentor researchers Noam Rotem and Ran Locar discovered a publicly accessible database containing fingerprint records of over 1 million users, facial recognition information, personal information and much more.



The database is run by Suprema, a global corporation headquartered in South Korea, and it stores the information gathered through the company's web-based BioStar 2 smart lock platform.


BioStar 2 uses facial recognition and fingerprinting technology to identify users. Various organizations use it to control access to secure areas of facilities, manage user permissions, integrate with third-party security apps, and record activity logs.


“The team discovered that huge parts of BioStar 2’s database are unprotected and mostly unencrypted. The company uses an Elasticsearch database, which is ordinarily not designed for URL use. However, we were able to access it via browser and manipulate the URL search criter ..
