Security company Suprema recently discovered that its biometric security system is unencrypted and open to the public. This means millions of users’ personal information are easy targets for cyber attacks. Security researchers working with a virtual private networks service company, vpnmentor, analyzed Suprema’s system. They were shocked at the amount of open data that they were able to access.
The Guardian reports that “researchers had access to over 27.8m records, and 23 gigabytes-worth of data including admin panels, dashboards, fingerprint data, facial recognition data, face photos of users, unencrypted usernames and passwords, logs of facility access, security levels and clearance, and personal details of staff.” This discovery highlights a potential leak, which could lead to fraud, identity theft, and other serious issues.
Because people are unable to change their fingerprints like they can change their passwords or credit card numbers after a leak, this access to fingerprint data is particularly alarming. Researchers discovered that Suprema was keeping the actual fingerprints of users on file rather than modifying the prints to prevent use by cybercriminals.
Not only were researchers able to access data on users in the UK, U.S., Indonesia, India, and Sri Lanka, they also found that they had the ability to modify users’ information. Furthermore, they were able to add their own information into the system thereby gaining access into secure buildings.
Following the release of vpnmentor’s information, Suprema remedied the issue. The company has assured customers that it would inform users if there was a breach in the system.
Improving Biometric Security
Biometrics–using a person’s unique features in their face, fingerprints, and eyes– is becoming a more common security practice. With the growing threat of cyber attacks and identity theft, individuals are trying to keep their personal data secure. However, even using your own personal identifiers is not 100% secure. George Brotoff on GNC wrote “Fingerprints have been spoofed with adhesive tape and gummies, while photos, videos, masks, and makeup have all been used to defeat facial recognition.”
Liveliness Detection might be the key to avoiding such security weaknesses. Biometric systems using liveliness detection help verify real users through both active and passive measures. Active measures detect your facial movement, like your eyes blinking, to ensure you are the right person. Passive measures study the depth of your face to make sure a real person is there rather than an image.
Although liveliness detection has its flaws, it is one more step to add protection to individuals’ information.
Biometric Security at the Airport
If you’re a United Airlines Mileage Plus member, you may be aware that United recently partnered with CLEAR. CLEAR is an organization that uses fingerprints to speed up your time in line at the airport.
In the press release, it states that U.S. United MileagePlus members can get a free or discounted CLEAR membership,which they can utilize at airports that offer United flights. CLEAR is available at a few airports, including the Houston George Bush International Airport and Newark International Airport as of this summer.
Protecting your Biometrics
Protecting your unique biometrics is key to preventing a leak of your information. IEEE offers a number courses on biometrics, which cover both technical and ethical aspects of the technology. View the courses on the IEEE Learning Network, a new learning management platform!
Brostoff, George. (1 August 2019). Safety in biometric identification: Liveness detection technology. GNC.
(29 July 2019). United Airlines and CLEAR Partner to Make Travel Easier for MileagePlus® Members. Yahoo! Finance.
Conikee, Chetan. (14 August 2019). Suprema Security Breach: Protecting Apps from BioMetric Security Flaws. Security Boulevard.
Taylor, Josh. (14 August 2019). Major breach found in biometrics system used by banks, UK police and defense firms. The Guardian.