Incident: Biostar 2 Data Breach: Unprotected Database Exposes Sensitive Information

Published Date: 2019-08-14

Postmortem Analysis
Timeline
1. The software failure incident involving the exposure of sensitive data, including fingerprints, occurred in August 2019 as reported in [Article 88164], [Article 88204], and [Article 88411].
2. Steps to estimate the timeline:
   Step 1: The incident was reported in August.
   Step 2: Article 88164 was published on 2019-08-14, Article 88204 was published on 2019-08-14, and Article 88411 was published on 2019-08-21.
   Step 3: Based on the published dates and the mention of August in the articles, the software failure incident likely occurred in August 2019.

System
1. Biostar 2 platform by Suprema [88164, 88204, 88411]

Responsible Organization
1. Suprema [88164, 88204, 88411]

Impacted Organization
1. UK Metropolitan Police [88164, 88204]
2. Defence contractors and banks [88164]
3. Tile Mountain, a homeware retailer [88204]
4. Power World Gyms, a gym franchise in India and Sri Lanka [88204]
5. Global Village, an annual festival in the United Arab Emirates [88204]
6. Adecco Staffing, a Belgian human resources firm [88204]

Software Causes
1. Lack of encryption and protection of the database, allowing unauthorized access to sensitive data such as fingerprints, facial recognition data, usernames, passwords, and personal information [Article 88164, Article 88204].
2. Vulnerabilities in the Biostar 2 platform, specifically in the Elasticsearch search criteria manipulation that granted access to data [Article 88164].
3. Failure to secure the Biostar 2 system, leading to the exposure of over 1 million fingerprints and other sensitive data online [Article 88204].
4. Inadequate response and communication from the security company, Suprema, regarding the reported vulnerabilities and breach [Article 88164, Article 88204].
5. Potential supply chain vulnerabilities where third-party companies providing services do not have appropriate security measures in place [Article 88164].

Non-software Causes
1. Lack of proper encryption and protection of sensitive data on the database [88164, 88204]
2. Failure to respond promptly to security vulnerabilities and reports by the security researchers [88164]
3. Inadequate security measures in place for protecting biometric data [88204]
4. Failure to inform affected parties promptly about the data breach [88204]

Impacts
1. Over 1 million fingerprints, facial recognition information, unencrypted usernames and passwords, personal information of employees, and other sensitive data were exposed on a publicly accessible database, potentially leading to unauthorized access to secure facilities and personal information [88164, 88204].
2. The exposed data included admin panels, dashboards, fingerprint data, facial recognition data, face photos of users, logs of facility access, security levels, and clearance, which could compromise the security and privacy of individuals and organizations [88164].
3. The breach affected various organizations globally, including co-working organizations in the US and Indonesia, a gym chain in India and Sri Lanka, a medicine supplier in the UK, and a car parking space developer in Finland, among others [88164].
4. The leaked data included nearly 30 million records, with 23 gigabytes of data exposed online, potentially leading to criminal activities and disastrous consequences for the affected businesses, organizations, employees, and clients [88204].
5. Concerns were raised about the irreversible nature of the leaked fingerprint data, as once fingerprints are exposed, they cannot be changed or reset like passwords, posing long-term security risks for individuals [88164].
6. The incident raised questions about the security practices of companies using third-party services, highlighting the common supply chain vulnerabilities and the need for robust security measures to prevent such breaches [88164].
7. The breach led to reputational damage for the security company Suprema, as it faced criticism for the lack of encryption, inadequate security measures, and the potential misuse of the exposed biometric data [88164, 88204].
8. The incident highlighted the importance of prompt and efficient responses to security vulnerabilities, as delays in addressing such issues can lead to prolonged exposure of sensitive data and increased risks of exploitation [88164].

Preventions
1. Proper encryption and security measures: Implementing strong encryption protocols and ensuring that sensitive data such as fingerprints, usernames, and passwords are properly encrypted could have prevented the exposure of data [88164, 88204, 88411].
2. Regular security audits and vulnerability assessments: Conducting regular security audits and vulnerability assessments could have helped identify and address any weaknesses in the system before they were exploited by unauthorized parties [88164, 88204, 88411].
3. Timely response to security reports: Promptly responding to security reports and addressing vulnerabilities reported by researchers could have prevented the data exposure incident [88164, 88204, 88411].
4. Ethical handling of data: Ethically handling sensitive data by not downloading all the fingerprint files for research purposes could have helped limit the privacy implications and potential exposure of the data [88411].
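The exposure described under Software Causes (an Elasticsearch-backed database reachable without authentication or transport encryption) is the kind of misconfiguration that the regular audits listed under Preventions are meant to catch. The script below is an added example for this page, not code from Suprema, the researchers, or the Elasticsearch project. It parses two constructed elasticsearch.yml fragments, one carrying the weak settings and one hardened, and reports which of three checks fail. The setting names (network.host, xpack.security.enabled, xpack.security.http.ssl.enabled) are real Elasticsearch settings; the sample values, the finding texts and the helper names are this example's own assumptions.

```python
"""Audit an Elasticsearch node configuration for the exposure pattern in the
Biostar 2 postmortem: a search backend reachable from outside, with no
authentication and no TLS on the REST API.

Added example; not Suprema's or Elasticsearch's own code. The two configs are
constructed for illustration.
"""
import ipaddress
from typing import Dict, List

# Constructed sample: a node that listens on every interface with security off,
# the state the articles describe (anyone reaching the port can query the data).
EXPOSED_CONFIG = """
cluster.name: access-control-demo
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: false
"""

# Constructed sample: the same node bound to a private address, with
# authentication and HTTPS turned on.
HARDENED_CONFIG = """
cluster.name: access-control-demo
network.host: 10.0.5.12
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""


def parse_flat_yaml(text: str) -> Dict[str, str]:
    """Parse the flat 'key: value' lines used in elasticsearch.yml.

    Deliberately minimal (no nesting, no lists) so the example needs only the
    standard library; comments and blank lines are skipped.
    """
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip('"').strip("'")
    return settings


def _is_public_bind(host: str) -> bool:
    """True when network.host exposes the HTTP API beyond loopback and private
    ranges: the wildcard addresses, Elasticsearch's _global_ special value, or
    a literal public IP. Hostnames and other special values are treated as
    not public, since they cannot be classified offline."""
    if host in ("0.0.0.0", "::", "_global_"):
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return not (addr.is_private or addr.is_loopback)


def audit_elasticsearch(settings: Dict[str, str]) -> List[str]:
    """Return the list of findings; an empty list means all three checks pass."""
    findings: List[str] = []
    # Elasticsearch binds loopback when network.host is unset.
    host = settings.get("network.host", "_local_")
    if _is_public_bind(host):
        findings.append(f"network.host={host}: REST API bound to a non-private interface")
    # Before 8.0 security was off unless enabled explicitly, so a missing key is a finding.
    if settings.get("xpack.security.enabled", "false").lower() != "true":
        findings.append("xpack.security.enabled is not true: no authentication on the REST API")
    if settings.get("xpack.security.http.ssl.enabled", "false").lower() != "true":
        findings.append("xpack.security.http.ssl.enabled is not true: credentials and data travel in cleartext")
    return findings


def audit_text(text: str) -> List[str]:
    """Convenience wrapper: parse a config fragment and audit it."""
    return audit_elasticsearch(parse_flat_yaml(text))


if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit_text(cfg) or ['no findings']}")
```

Run against the exposed fragment the audit reports all three weaknesses; against the hardened one it reports none. In a real deployment the same checks belong in configuration management or a CI step, so a node cannot reach production with the weak values.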
Fixes
1. Implement proper encryption and security measures for sensitive data such as fingerprints, facial recognition data, and passwords to prevent unauthorized access and data breaches [88164, 88204, 88411].
2. Conduct regular security audits and vulnerability assessments to identify and address potential weaknesses in the system [88164, 88204, 88411].
3. Establish a robust incident response plan to promptly address and mitigate any security incidents or breaches [88164, 88204, 88411].
4. Improve communication and collaboration between security researchers and companies to facilitate the responsible disclosure of vulnerabilities and ensure timely resolution [88164, 88204, 88411].
5. Enhance oversight and monitoring of third-party vendors and service providers to ensure they maintain adequate security standards [88164, 88204, 88411].

References
1. Israeli security researchers Noam Rotem and Ran Locar working with vpnmentor [Article 88164]
2. Cyber-security firm VPNMentor [Article 88204]
3. Suprema [Article 88204, Article 88411]
4. Metropolitan Police [Article 88204]
5. Timeware [Article 88204]
6. University College London security researcher [Article 88411]

Software Taxonomy of Faults

Category (Option): Rationale

Recurring (one_organization, multiple_organization):
(a) The software failure incident related to the exposure of sensitive data, including fingerprints and other personal information, happened again at Suprema, the security company responsible for the Biostar 2 biometrics lock system. This incident involved the exposure of over 1 million fingerprints, facial recognition data, unencrypted usernames and passwords, and personal information of employees due to an unprotected and mostly unencrypted database ([88164], [88204], [88411]).
(b) The incident also affected multiple organizations beyond Suprema. Some of the organizations affected by the breach included Tile Mountain, a homeware retailer in the UK, Power World Gyms in India and Sri Lanka, Global Village in the UAE, and Adecco Staffing in Belgium. These organizations had their data exposed, including fingerprints and other sensitive information, due to the security flaw in the Biostar 2 system ([88204]).

Phase (Design/Operation) (design, operation):
(a) The software failure incident related to the design phase: The incident involving the exposure of sensitive data, including over 1 million fingerprints, facial recognition information, unencrypted usernames and passwords, and personal information of employees, was a result of a design flaw in the Biostar 2 platform developed by Suprema. The database of Biostar 2 was found to be unprotected and mostly unencrypted, allowing security researchers to easily manipulate the URL search criteria in Elasticsearch to gain access to the data [88164, 88204].
(b) The software failure incident related to the operation phase: The failure in the operation phase was evident in the way the Biostar 2 system was being used by various organizations. The exposed data, including fingerprint records, photographs, facial recognition data, names, addresses, passwords, employment history, and access records, indicated a failure in the operation or misuse of the system. Additionally, the difficulty faced by researchers in reporting the exposed data to Suprema, with some individuals hanging up the phone, highlighted operational challenges in addressing security breaches effectively [88204].

Boundary (Internal/External) (within_system, outside_system):
(a) The software failure incident related to the exposure of sensitive data from the Biostar 2 system can be categorized as a within_system failure. The incident was caused by factors originating from within the system itself, specifically due to the lack of proper security measures and encryption protocols within the Biostar 2 platform. The exposed data included over a million fingerprints, facial recognition data, usernames, passwords, logs of facility access, and personal details of staff [88164, 88204, 88411]. The vulnerability was a result of the database being unprotected and mostly unencrypted, allowing researchers to manipulate the URL search criteria in Elasticsearch to gain access to the data [88164]. The exposed data also included photographs of people, employment history, and records of access to secure areas [88204]. The incident highlighted the importance of implementing robust security measures within the system to prevent unauthorized access and data breaches.
(b) Additionally, the software failure incident can also be considered an outside_system failure to some extent. This is because the exposure of sensitive data was discovered by external security researchers, Noam Rotem and Ran Locar, who were running a side project to scan ports looking for vulnerabilities in companies' systems [88164]. The researchers found the Biostar 2 database exposed online, indicating that the breach was detected externally rather than being identified internally by the company responsible for the system. The external nature of the discovery suggests that the vulnerability was not initially recognized or addressed by the company, Suprema, highlighting the importance of external scrutiny and testing to identify potential weaknesses in software systems.

Nature (Human/Non-human) (non-human_actions, human_actions):
(a) The software failure incident occurring due to non-human actions:
- The software failure incident in the articles was primarily due to a non-human action, specifically a vulnerability in the Biostar 2 platform developed by Suprema. The exposed data, including over a million fingerprints, facial recognition data, unencrypted usernames and passwords, and personal information, was a result of the database being unprotected and mostly unencrypted, allowing researchers to access the data by manipulating the URL search criteria in Elasticsearch [88164, 88204].
- The vulnerability in the Biostar 2 system was discovered by Israeli security researchers Noam Rotem and Ran Locar, who were scanning ports looking for familiar IP blocks and found the unprotected database. This non-human action of scanning for vulnerabilities led to the exposure of sensitive data [88164].
(b) The software failure incident occurring due to human actions:
- Human actions also played a role in the software failure incident. The researchers who discovered the vulnerability in the Biostar 2 system were actively searching for security holes in companies' systems. They manipulated the URL search criteria in Elasticsearch to gain access to the data, indicating a deliberate effort to exploit the system's weaknesses [88164].
- Additionally, the researchers had difficulty when trying to report the exposed data to Suprema, as they faced challenges such as people hanging up the phone when contacted. This lack of responsiveness from individuals within the company could be considered a human action contributing to the handling of the software failure incident [88204].

Dimension (Hardware/Software) (software):
(a) The software failure incident related to hardware:
- The software failure incident involving the exposure of sensitive data, including fingerprints and personal information, was not directly attributed to hardware issues but rather to a vulnerability in the software system. The incident was caused by the Biostar 2 biometrics lock system, a web-based software platform developed by Suprema, which allowed unauthorized access to a publicly accessible database [88164, 88204, 88411].
(b) The software failure incident related to software:
- The software failure incident was primarily due to software vulnerabilities in the Biostar 2 platform developed by Suprema. The exposed data, including fingerprints, facial recognition data, usernames, passwords, and personal details, was a result of the software system being unprotected and mostly unencrypted, allowing researchers to manipulate the URL search criteria to gain access to the data [88164, 88204, 88411].

Objective (Malicious/Non-malicious) (malicious, non-malicious):
(a) The software failure incident related to the exposure of over 1 million fingerprints and sensitive data from the Biostar 2 system was malicious in nature. The incident involved unauthorized access to a publicly accessible database by security researchers, leading to the exposure of sensitive information such as fingerprints, facial recognition data, usernames, passwords, and personal details of employees [88164, 88204, 88411]. The researchers were able to manipulate the URL search criteria to gain access to the data, indicating a deliberate attempt to breach the system and extract valuable information. Additionally, the fact that the exposed data could be used for criminal activities highlights the malicious intent behind the software failure incident.
(b) On the other hand, the software failure incident can also be categorized as non-malicious as it involved a vulnerability in the Biostar 2 system that allowed unauthorized access to sensitive data. The incident was discovered by security researchers who were conducting scans for familiar IP blocks and found the database unprotected and mostly unencrypted [88164, 88204, 88411]. The exposure of the data was not intentional on the part of the system users or administrators but rather a result of a security flaw in the system that left it vulnerable to exploitation. The incident highlighted the importance of addressing security vulnerabilities to prevent such non-malicious failures in the future.

Intent (Poor/Accidental Decisions) (poor_decisions):
(a) The intent of the software failure incident related to poor_decisions:
- The software failure incident involving the exposure of sensitive data, including over a million fingerprints, was primarily due to poor decisions made in the design and implementation of the Biostar 2 biometrics lock system by Suprema [88164, 88204, 88411].
- The exposed data, which included unencrypted usernames and passwords, facial recognition data, and personal information, was found on a publicly accessible database due to poor security measures such as lack of encryption and protection [88164, 88204].
- Researchers discovered that the Biostar 2 database was unprotected and mostly unencrypted, allowing them to access over 27.8 million records and 23 gigabytes of data, including sensitive information like admin panels, fingerprint data, and personal details of staff [88164].
- The incident highlighted the poor decision of storing actual fingerprints instead of hashed fingerprints, making it possible for malicious actors to copy and misuse the biometric data [88164].
- Despite the severity of the breach, Suprema initially downplayed the reports of the fingerprint leak, indicating a lack of immediate acknowledgment and appropriate response to the security vulnerability [88411].
(b) The intent of the software failure incident related to accidental_decisions:
- The software failure incident was not primarily attributed to accidental decisions or unintended mistakes but rather to deliberate actions or oversights that led to the exposure of sensitive data [88164, 88204, 88411].
- The researchers who discovered the data breach made deliberate efforts to scan for vulnerabilities in companies' systems, indicating a systematic approach to identifying security weaknesses rather than accidental discovery [88164].
- The incident involved intentional manipulation of the URL search criteria in Elasticsearch to gain unauthorized access to the Biostar 2 database, suggesting a targeted effort to exploit the security flaw [88164].
- The lack of encryption and protection of the database, as well as the storage of actual fingerprints instead of hashed versions, were not accidental decisions but deliberate choices that contributed to the severity of the breach [88164].

Capability (Incompetence/Accidental) (development_incompetence, accidental):
(a) The software failure incident occurring due to development incompetence:
- The incident involving the exposure of sensitive data, including over 1 million fingerprints, was attributed to a lack of professional competence in securing the Biostar 2 platform developed by Suprema. The database was found to be unprotected and mostly unencrypted, allowing researchers to easily access and extract data [88164, 88204].
- The security researchers highlighted that the system stored actual fingerprints instead of hashed versions, making it vulnerable to malicious use. This lack of proper encryption and security measures demonstrated a failure in professional competence in handling sensitive biometric data [88164].
- Noam Rotem, one of the researchers involved, mentioned that such vulnerabilities were common in various systems, indicating a widespread issue of development incompetence in ensuring proper security measures are in place [88164].
(b) The software failure incident occurring accidentally:
- The incident involving the exposure of sensitive data, including fingerprints, was not intentional but rather accidental. The researchers stumbled upon the unprotected database while scanning ports for familiar IP blocks, indicating that the exposure was not a deliberate act but a result of system vulnerabilities [88164, 88204].
- The researchers did not download all the fingerprint files for ethical reasons, showing that the exposure of the data was accidental and not a deliberate attempt to obtain and misuse the information [88411].

Duration (temporary):
(a) The software failure incident in the articles was temporary. The incident involved a breach where sensitive data, including over a million fingerprints, was exposed online due to a security flaw in the Biostar 2 biometric security software [88164, 88204, 88411]. The exposed data was discovered on August 5th and made private on August 13th [88204]. The access point that led to the exposure was closed, and an investigation found that the scope of the leak was less than initially reported [88411]. The incident was not a permanent failure but rather a temporary breach that was addressed and investigated by the company responsible for the software.

Behaviour (omission, value, other):
(a) crash: The software failure incident did not involve a crash where the system loses state and does not perform any of its intended functions. The incident was more related to a data breach where sensitive information was exposed online [88164, 88204, 88411].
(b) omission: The software failure incident did involve omission where the system omitted to perform its intended functions at an instance(s). In this case, the Biostar 2 system omitted to secure the database properly, leading to the exposure of sensitive data including fingerprints, facial recognition data, usernames, passwords, and personal information [88164, 88204, 88411].
(c) timing: The software failure incident did not involve a timing issue where the system performed its intended functions correctly but too late or too early. The issue was more related to a lack of proper security measures leading to data exposure [88164, 88204, 88411].
(d) value: The software failure incident did involve a value issue where the system performed its intended functions incorrectly. The incorrect functioning in this case was the lack of proper encryption and protection of sensitive data, leading to a significant data breach [88164, 88204, 88411].
(e) byzantine: The software failure incident did not involve byzantine behavior where the system behaved erroneously with inconsistent responses and interactions. The incident was more about a security vulnerability that allowed unauthorized access to sensitive data [88164, 88204, 88411].
(f) other: The other behavior observed in this software failure incident was a significant security flaw that allowed researchers to access over 27.8 million records and 23 gigabytes of data, and to manipulate the system to add new users, change data, and potentially access secure facilities without authorization. This behavior highlights a critical security oversight in the system [88164, 88204].

IoT System Layer

Layer (Option): Rationale

Perception (sensor, processing_unit, network_communication, embedded_software):
(a) sensor: Failure due to contributing factors introduced by sensor error
- The software failure incident related to the exposure of sensitive data from the Biostar 2 system involved the leakage of over a million fingerprints and other data due to a vulnerability in the system's sensor technology, specifically the fingerprint readers used for biometric authentication [Article 88204].
- The exposed data included fingerprint records, photographs of people, facial recognition data, names, addresses, passwords, employment history, and records of access to secure areas, indicating a sensor-related failure in securing and protecting this sensitive information [Article 88204].
(b) actuator: Failure due to contributing factors introduced by actuator error
- There is no specific mention of an actuator-related failure in the articles provided.
(c) processing_unit: Failure due to contributing factors introduced by processing error
- The software failure incident involved a breach in the Biostar 2 system's processing unit, where cyber-security researchers were able to access and manipulate the database by exploiting vulnerabilities in the system's processing mechanisms [Article 88164].
- The exposed data included unencrypted usernames and passwords, logs of facility access, security levels, and personal details of staff, indicating a processing-related failure in adequately securing and encrypting this information [Article 88164].
(d) network_communication: Failure due to contributing factors introduced by network communication error
- The software failure incident involved a breach in the Biostar 2 system's network communication, as researchers were able to access the database by manipulating the URL search criteria in Elasticsearch, highlighting a failure in securing the network communication channels of the system [Article 88164].
- The exposed data included admin panels, dashboards, fingerprint data, facial recognition data, and face photos of users, indicating a network communication-related failure in protecting the transmission and storage of this sensitive data [Article 88164].
(e) embedded_software: Failure due to contributing factors introduced by embedded software error
- The software failure incident related to the Biostar 2 system's exposure of sensitive data was attributed to a vulnerability in the embedded software of the system, which allowed researchers to access over 27.8 million records and 23 gigabytes of data, including unencrypted usernames and passwords, logs of facility access, and personal details of staff [Article 88164].
- The researchers were able to exploit flaws in the embedded software to gain unauthorized access to the database and manipulate user accounts, highlighting a failure in the security measures implemented within the embedded software of the system [Article 88164].

Communication (connectivity_level):
The software failure incident related to the communication layer of the cyber-physical system that failed was at the connectivity_level. The incident involved a breach in the security system Biostar 2, developed by Suprema, which allowed unauthorized access to sensitive data including fingerprints, facial recognition data, usernames, passwords, and personal information of users [88164, 88204, 88411]. This breach was due to the system being exposed online, allowing cyber-security researchers to access and extract data from the network or transport layer, indicating a failure at the connectivity level of the cyber-physical system.

Application (TRUE):
The software failure incident related to the application layer of the cyber-physical system that failed is described in the articles. The incident involved a breach in the Biostar 2 biometrics lock system, where over 1 million fingerprints, facial recognition data, unencrypted usernames and passwords, and personal information were exposed due to a publicly accessible database. The breach was attributed to the system's database being unprotected and mostly unencrypted, allowing researchers to manipulate the URL search criteria in Elasticsearch to gain access to sensitive data [Article 88164, Article 88204]. This failure can be categorized as an application layer failure as it resulted from vulnerabilities in the system's design and implementation, such as lack of encryption and improper access controls.

Other Details

Category (Option): Rationale

Consequence (property, non-human, theoretical_consequence):
(a) unknown
(b) unknown
(c) unknown
(d) The software failure incident led to the exposure of sensitive data such as fingerprints, facial recognition data, names, addresses, passwords, employment history, and records of access to secure areas, impacting people's data security and privacy [88164, 88204, 88411].
(e) unknown
(f) The software failure incident impacted non-human entities such as exposing biometric data, including fingerprints and facial recognition data, stored in the Biostar 2 system [88164, 88204, 88411].
(g) unknown
(h) Theoretical consequences discussed included the potential misuse of leaked fingerprint data for criminal activities and the inability to change fingerprints once they are leaked [88164, 88204].
(i) unknown

Domain (information, government, other):
(a) The failed system was related to the industry of information. The Biostar 2 biometrics lock system, developed by Suprema, was intended for centralised control of access to secure facilities like warehouses or office buildings, using fingerprints and facial recognition for identification [Article 88164].
(l) The failed system was also used by the government sector. The UK Metropolitan Police, as well as governments in various countries, were among the organizations using the Biostar 2 platform integrated into the AEOS access control system [Article 88164, Article 88204].
(m) The failed system was also related to other industries such as co-working organizations, gym chains, medicine suppliers, car parking space developers, and more. These organizations in various sectors were affected by the data breach of the Biostar 2 system [Article 88164].
