Over one million users worldwide biometric data leaks / serious security flaws found in all modern Intel processors

New security research shows that a large amount of people’s personal biometric information has been leaked due to a major security flaw.

In a recent study, Noam Rotham, Ron Lukar and security research firm vpnMentor discovered that personal information of more than one million global users, including face information, usernames, passwords and other identifying information related to the Biostar 2 security platform, was due to a major security flaw. Revealed.

This information, which contains about 1.5 million cases with a volume of nearly 1 GB, is viewed on a public database.

 It is still unclear if this information was stolen, but the database hosted by them has been completely unsafe.

Biostar 2 is an international security platform that organizations around the world use to protect their advertising systems.

vpnMentor points out that the entire system of this platform has security control of buildings in the US, UK, Japan, India and the UAE.

Since the information found contains passwords and usernames, hackers may have used this information to modify or create user accounts.

This will allow them access to any suite managed by Biostar 2.

Leaking this information may have consequences for all users who have registered on this platform.

 Usernames and passwords can be used in identity scams.

This information can also be used to access any other system that uses this biometric information to identify account holders.

Worst of all, unlike usernames and passwords, users can’t change their fingerprints, and fingerprinting in this massive leak of information has put people’s accounts in serious jeopardy.

امنیت

According to the British Guardian newspaper, Suprima recently announces that the Biostar 2 platform will soon be use in the AEOS security system.

  The system is using in five countries, including government agencies, banks and the British police.

Although the security gap that has been leaking this information has already been fixing, but security researchers say Supima, which was responsible for the incident, has not responding well to their findings.

A serious security flaw has been clear in all modern Intel processors

نوعی نقص‌ امنیتی جدی در تمام پردازنده‌های مدرن اینتل یافت شده است

Bitdefender has found a serious security flaw in today’s Intel processors that stems from guesswork.

Researchers at BitDefender Security have discovered a worrying security vulnerability that exists in all modern Intel processors.

This security flaw when executed allows an attacker to access the computer’s kernel memory and, consequently, access sensitive information such as passwords and tokens and private conversations.

This security flaw affects all devices equipped with Intel CPUs that use the SWAPGS system call, a feature that enables the processor to switch between kernel and memory loop modes.

The feature is part of the Speculative Execution feature that is available on most current Intel processors and allows the processor to predict tasks and execute them if necessary.

Unfortunately, the vulnerability bypasses many of the hardware-level protections introduced after Specter and Meltdown security problems.

Intel’s latest security nightmare

Guessing can improve performance for the user, but it also provides a tempting route for people who want to access sensitive information.

Not surprisingly, many of the silicon-based attacks that we have seen in recent years have focused on this feature, such as Specter, Meletown and Foreshadow.

SWAPGS instructions are available on many processors release from year 2 on wards, including the introduction of the Ivy Bridge microarchitecture.

Newly discovered user-side security flaws affect third-generation Intel Core processors and later generations.

In addition, Bitdefender has noted that this vulnerability is also a serious threat to corporate users of servers.

Gavin Hill, head of Bitdefender’s network security products and data centers, said:

Criminals with sufficient knowledge to carry out such attacks will have access to the most critical information that is best protecting by companies and personal users;

As a result, they will be able to steal, extort, destroy and spy on them.

پردازنده اینتل

Just like many chip-level threats, those who use shared computing platforms will be among those most at risk.

Users using a cloud provider can see an attacker access sensitive information in their user space,

Include this vulnerability, including private encryption keys and passwords. Bitdefender expects the security flaw to be use as part of the attack.

Because of the inherent complexity of chip-level exploits,

the security firm does not anticipate new vulnerabilities being apply to bulk and malware.

Among the malware are EternalBlue exploits of the US National Security Agency using to release WannaCry ransomware.

The reason for the importance of the subject

Intel processors are at the heart of many of today’s computers,

so the acquisition of Intel processors will cause troublesome security problems.

If a security flaw is clear at the heart of the processor, reducing its risks will be challenging. If a solution is gains,

It is usually deploying on microcode security patches that users may be unaware of installing.

In addition, as identified with Mellatown and Spectrum vulnerabilities,

any solution to these problems will result in a significant reduction in computer performance.

پردازنده‌ی اینتل / Intel CPU

Fortunately for this particular case,

Bitdefender has been working with Intel and other companies such as the Linux Foundation

and Microsoft for more than a year to work out a solution to this problem.

 The security company recommends that users install their latest released security patch as soon as possible.

Bitdefender also recommends that enterprise users install BitDefender Hypervisor Introspection to protect chip-level attacks.

Like vulnerabilities affecting many computers worldwide, it takes time to protect all computer systems against new exploits.

It is worth noting in Heartbleed OpenSSL vulnerability that was discover in year 3,

almost three years after the initial discovery,

More than 5,000 Internet-connected devices did not install the security patch and remained unsafe.

 

Leave a Reply

Your email address will not be published. Required fields are marked *