Not very Suprema: Biometric access biz bares 27 million records and plaintext admin creds

Biostar 2 goes supernova after Israeli duo's probings


Two infosec researchers found 27 million personal data records, including a million people's fingerprints, exposed to the public along with plaintext admin credentials for the Suprema Biostar 2 system they were associated with.


The database powering South Korean company Suprema Inc's Biostar 2 biometric access control system - which controls entry and exit to secure areas in buildings around the globe, including "1.5 million installations worldwide" - was "unprotected and mostly unencrypted", according to the internet privacy researchers who found the flaws.


Noam Rotem and Ran Locar, two noted Israeli security researchers, told the Graun they'd discovered the database while port-scanning in the hope of finding "familiar IP blocks". Having found the database, they were then ..