Another UK Cyber Security Vulnerability Exposed

Time to change your work passwords? Not just potentially sensitive personal data, but security information as well, on an unprotected site. There should be criminal proceedings against those responsible.

'A biometrics database used by the police, banks and defence contractors has been discovered online unprotected, with the fingerprints and facial recognition scans unencrypted. Furthermore, the Biostar 2 database - used as part of security systems for warehouses and offices - also contained user names, passwords and other personal information. And the database was so exposed that data could easily be manipulated, and new accounts with corresponding biometrics added

'The unprotected database was discovered by Israeli security researchers and ‘hacktivists' Noam Rotem and Ran Locar, who run the VPNMentor service, which tests VPNs for speed, security, support and other features, and lists only legitimate and secure VPNs. The database was discovered by Rotem and Locar in a routine scan last week. They found that not only was the Biostar 2 database unprotected, but that its sensitive contents were largely unencrypted.

'The researchers told The Guardian that they were able to access more than 27.8 million records and data amounting to 23GB. The information included dashboards, fingerprint data, facial recognition data, access logs, security levels and clearance and even unencrypted user names and passwords, and the personal details of staff. Furthermore, the data was being updated in real-time, enabling Rotem and Locar to see who was accessing which part of the buildings where they worked.'

Last edited:
If they've lost the actual fingerprints then you'll need to change those too....

Biometrics are a username, not a password ;)
Good point, well made; both apparently compromised.
Norbain offered us the Biostar kit some time ago when it was in Beta testing.The rep had no idea what he was selling.Sounds like we had a lucky escape.

New Posts

Latest Threads