Supremely Secure?
October 19, 2019
Suprema is a South Korean security company that specializes in cyber security. One of Suprema’s products is a line of fingerprint readers. The BBC reports that the company was hacked in “Biostar 2: Suprema Plays Down Fingerprint Leak Report.” A cyber security research group hacked Suprema’s Biostar 2, accessed customer information, then alerted Suprema to the leak.
The cyber security research group’s action was benign, but it did point to a flaw in the system, and Suprema was not happy. Suprema assured its clients that none of the information was breached and that the number of customers affected was very small. A South Korean police force was worried it was among the potential victims, but apparently no biometrics systems were exposed.
“The dispute over how big the leak was can be explained by the fact the researchers say they did not, for ethical reasons, attempt to download all the fingerprint files. Rather, they had taken “hundreds” of samples of data, said Mr Rotem. And these appeared to encode fingerprint patterns from a random selection of accounts in the Biostar 2 dataset. They then used Suprema’s software to convert about half a dozen examples into visible fingerprint patterns. From this, they estimated the dataset contained “at least over a million” fingerprint patterns in total. “We have evidence that biometric data was leaked,” Mr Rotem told BBC News.”
The actual data sets were not downloaded due to ethical reasons. The research team actually did Suprema a favor by pointing out the crack before bad actors accessed the system, but Suprema would have preferred that one of its system regulators had discovered the issue. It should not matter who found the leak, because customers were at stake. Suprema sells security, but does not practice it.
Whitney Grace, October 19, 2019