Podcast Episode Details

Biometric Security Data Breach, Critical Windows Vulnerabilities, FBI Data Harvesting


You’re listening to the Shared Security Podcast, exploring the trust you put in people, apps, and technology…with your host, Tom Eston. In episode 82 for August 19th 2019: The BioStar2 biometric security data breach, wormable vulnerabilities in Microsoft Windows, and the FBI trying to harvest your social media data.

Can you believe that this week we’re celebrating the 10-year anniversary of this podcast? For the last 10 years we’ve been talking about how your private information can be exposed through data breaches, vulnerabilities, exploits, and even through the wireless capabilities of our smartphones and laptops. It seems that in the last 10 years it’s only gotten worse. That’s why I recommend the use of a Silent Pocket faraday bag to protect my smartphone and laptop so I can have true peace of mind that my devices are protected when I’m not using them. Visit silentpocket.com to check out Silent Pocket’s amazing line of faraday bags and other products built to protect your privacy. Don’t forget, as a listener of this podcast you receive 15% off your order at checkout using discount code “sharedsecurity”.

Hi everyone, welcome to the Shared Security Weekly Blaze where we update you on the top 3 cybersecurity and privacy topics from the week. These podcasts are published every Monday and are 15 minutes or less, quickly giving you “news that you can use”.

On August 5th security researchers from vpnMentor disclosed a massive data breach in a biometrics security platform called BioStar2. vpnMentor has been doing a large web-mapping project across the internet which had identified this unsecured database. BioStar2 is a web-based biometric security smart lock platform, built by a company called Suprema, and is used to administer physical access controls to facilities. The core technology of the product uses facial recognition and fingerprints to identify users. Suprema recently partnered with a firm to integrate the software into over 5,700 organizations in 83 countries. Most of these customers also happen to be in Europe. Shockingly, many European governments, banks and even the UK Metropolitan Police use this system for the security of their facilities. The data that was leaked in the breach, which totaled over 27.8 million records, included personal information of employees, unencrypted usernames and passwords, and to top it all off over 1 million fingerprint records and facial recognition data. We’re talking about the actual fingerprints and images of users which as you know can’t be changed like a password can. This alone is extremely concerning as this data combined with other personal information from the data leak is perfect for identity theft or other fraud. The good news is that after vpnMentor attempted several times to contact the company about the breach they finally took the database offline. Check out our show notes for links to further information as well as a listing of the companies and countries affected by this data breach.

Last week Microsoft announced four new critical vulnerabilities for Windows that are wormable, meaning, they can be exploited by malware to install and propagate from one computer to another without any user interaction. The last time we had to deal with a wormable vulnerability like this was back in May of this year when Microsoft patched another serious vulnerability called ‘Bluekeep’ which at the time had a close resemblance to the WannaCry malware. WannaCry caused major issues for companies and individuals across the world back in 2017. The vulnerabilities in all of these cases reside in Remote Desktop Services (abbreviated as ‘RDP’) and more specifically have to do with vulnerabilities in the pro


Published on 6 years, 4 months ago





