Researchers Expose Breach in Biometrics System Used by UK Police

biometrics eye tracking

Israeli security researchers discovered that a company used by the UK Metropolitan police, defense contractors and banks left millions of records unprotected. Data included biometric information. Noam Rotem and Ran Locar handed their research to the Guardian. The loophole had reportedly been closed by the time of this writing.

In a search last week, the researchers found Biostar 2’s database was unprotected and mostly unencrypted. They were able to search the database by manipulating the URL search criteria in Elasticsearch to gain access to data. The researchers had access to over 27.8m records, and 23 gigabytes-worth of data including admin panels, dashboards, fingerprint data, facial recognition data, face photos of users, unencrypted usernames and passwords, logs of facility access, security levels and clearance, and personal details of staff. Much of the usernames and passwords were not encrypted, Rotem told the Guardian. “We were able to find plain-text passwords of administrator accounts,” he said.

Check It Out: Researchers Expose Breach in Biometrics System Used by UK Police

One thought on “Researchers Expose Breach in Biometrics System Used by UK Police

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

WIN an iPhone 16 Pro Max!