Biostar 2 goes supernova after Israeli duo's probings
Two infosec researchers found 27 million personal data records, including a million people's fingerprints, exposed to the public along with plaintext admin credentials for the Suprema Biostar 2 system they were associated with.
The database powering South Korean company Suprema Inc's Biostar 2 biometric access control system - which controls entry and exit to secure areas in buildings around the globe, including "1.5 million installations worldwide" - was "unprotected and mostly unencrypted", according to a internet privacy researchers who found the flaws.
Noam Rotem and Ran Locar, two noted Israeli security researchers, told the Graun they'd discovered the database while port-scanning in the hope of finding "familiar IP blocks". Having found the database, they were then ..