Antheus Tecnologia’s web server exposed records of 76,000 unique fingerprints. Researchers reported this on Wednesday. The unsecured data also included employee email addresses and telephone numbers.
Anurag Sen, the researcher, published his findings on Safety Detectives. The database contained around 2.3 million data points, mostly server access logs. Sen confirmed that the database is now secured. He processed the fingerprint data as binary data, a series of ones and zeroes.
Anurag Sen further said that bad actors could transform that data back into a biometric fingerprint picture.
And even though they are not able to find a way to use the data for immoral purposes, that will change as technology progresses, “It might be that in the future they’ll find a way to exploit it,” Sen said. “Fingerprints are permanent throughout life.”
Although, we didn’t get an immediate response from Antheus Tecnologia to a request for comment.
Research is an excellent example of exposed databases, a growing issue that presents confidential data to everyone with the right I.P. address. As mostly the companies transfer internal data from their servers into the cloud, inexperienced I.T. staff frequently abandons the web-based databases accidentally without password protection. This disclosed Peru’s national identification numbers, personal contact details stored in a U.K. marketing database, and medical histories of opioid recovery patients in the U.S. Investigators are looking for the vulnerabilities and trying to get the data to safe businesses.
Protecting emails and other online accounts with passwords isn’t the only way to keep cloud services secure. A new feature from MongoDB software maker lets database managers store encrypted cloud data. You need to switch on this feature and configure the solutions properly for them to work..
The fingerprint data includes ridge bifurcation and ridge end data, identifying characteristics used to break fingerprints separately. Logs in the accessible cache also let researchers see which records a particular fingerprint scan is associated with. Many significant breaches to fingerprint data include misuse by the U.S. Personnel Management Office in 2015, where hackers stole background check data on government employees, including over 1 million fingerprints.
Sen claimed in his report with Safety Detectives that the value of holding fingerprints data stored securely is growing. However, academic researchers have created biometric replicas that can fool fingerprint readers in a virtual environment (they didn’t check real phones). In the future, hackers could use a high-quality fake to access your mobile phone or computer’s private information. Sen said, “such as texts, images, and methods of payment stored on your system.”
