±Forensic Focus Partners

Become an advertising partner

±Your Account


Forgotten password/username?

Site Members:

New Today: 0 Overall: 36595
New Yesterday: 4 Visitors: 145

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

If this is one of the world’s leading security manufacturer

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts

Senior Member

If this is one of the world’s leading security manufacturer

Post Posted: Aug 14, 19 11:52

... I wonder what one could find in "not-so-leading" ones:


Biometrics platform used by UK police stored millions of unhashed fingerprints on unsecured database


Researchers have discovered a 23GB database containing “almost every kind of sensitive data available”

An unencrypted Elasticsearch database containing millions of fingerprints, facial recognition information, unencrypted usernames and passwords, and personal information on employees has been discovered by researchers.

The database belongs to Biostar 2, a biometric security platform recently integrated into AEOS, an access control system used by the UK Metropolitan Police. In total AEOS is used by over 5,700 organisations across 83 countries, including large multinational corporations, small businesses, governments, banks and defence firms.

Suprema, the company who built Biostar 2, is considered one of the world’s leading security manufacturers and is the leading biometric access control provider in EMEA. Biostar 2 enables admins to control both physical security and application security from a single pane of glass.

Another snippet to note:

The researchers expressed frustration over the time it took for Biostar 2 to close the breach once they alerted the company to their findings on 5th August. After failing to contact Biostar 2 via email, two days later they called the German branch who said they “didn’t speak to vpnMentor” before hanging up.

The researchers then spoke to a “more cooperative” French branch who took measures to close the breach. The breach was closed on 13 August, over a week after Biostar 2 was first alerted to it.

Actual researchers blog (vpnMentor):

- In theory there is no difference between theory and practice, but in practice there is. - 

Page 1 of 1