NEW YORK--(BUSINESS WIRE)--SmartMetric, Inc. (OTCQB: SMME) says following the recent disclosure of more than a million users' biometric data, including actual face and fingerprint images that were exposed to hackers, it is now time for governments to look at protecting users' biometric data from poorly protected centralized data storage systems.
Israeli security researchers Noam Rotem and Ran Locar have been running a project that scans ports looking for familiar IP blocks, and then uses these blocks to find holes in companies’ systems that could potentially lead to data breaches.
These researchers discovered a security vendor that stores biometric data including managing the physical and cyber access for 5,700 organisations in 83 countries, including governments, banks, defense installations, corporations and police departments.
The researchers found usernames and passwords on this service provider's database were mostly not encrypted. They were able to find plain-text passwords of administrators' accounts on the now proven vulnerable security and access control databases. Photos of users, unencrypted usernames and passwords, logs of facility access, security levels and clearance, and personal details of staff.
“The access allowed us first of all, seeing millions of users who are using this system to access different locations and see in real time even which user enters which facility or which room in each facility. We were able to change data and add new users,” the researcher Noam Rotem said.
“This would mean that he could edit an existing user’s account and add his own fingerprint and then be able to access whatever building that user is authorized to access, or he could just add himself as a user with his photo and fingerprints," the researchers said.
SmartMetric says, we view the storage of biometric data in a centralized data system as inherently risky. Any central database is, by its very nature, far riskier than a decentralized database of data. If, for instance, a user’s biometric data is distributed across each user's individual devices as opposed to being stored centrally, it would require millions of successful hacks to steal these millions of biometric data points. However, centralizing all biometric data of millions of users into a central database system would only take one successful database hack for the hackers to reap millions of users' biometric information.
“The SmartMetric biometric smartcard and credit card stores the user's fingerprint in each individual's card and explicitly prevents the card user's biometric fingerprint information from ever leaving the card. The SmartMetric card itself becomes a 'closed' decentralized database system and the on card data file look up is done by the card itself using a standalone biometric fingerprint scanner built inside the card," said today SmartMetric’s President & CEO, Chaya Hendrick.
SmartMetric has built a fully functional fingerprint scanner that sits inside the biometric smartcard and credit card. The card's authorized user stores their fingerprint inside the card and the fingerprint scanner, using a fingerprint sensor on the card's surface, uses the pre-stored fingerprint to match against the card user's fingerprint when they touch the card's sensor on the card's surface.
SmartMetric holds issued patents on its technology. Years of research and development have now culminated in a world class leading product in the biometric IOT space.
SmartMetric is a USA-based company with sales and marketing partnerships in Latin America, Europe, and the United States. Engineering of the biometric card electronics is done in-house and is the owned intellectual property of the company. SmartMetric has various patents pending and has five significant issued patents.
Safe Harbor Statement: Forward-Looking Statements in this press release, which are not historical facts, are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Also such forward-looking statements are within the meaning of that term in Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. Our actual results, performance or achievements may differ materially from those expressed or implied by these forward-looking statements. In some cases, you can identify forward-looking statements by the use of words such as "may," "could," "expect," "intend," "plan," "seek," "anticipate," "believe," "estimate," "predict," "potential," "continue," "likely," "will," "would" and variations of these terms and similar expressions, or the negative of these terms or similar expressions. Such forward-looking statements are necessarily based upon estimates and assumptions that, while considered reasonable by us and our management, are inherently uncertain. Factors that may cause actual results to differ materially from current expectations include, among others, if we are unable to access the capital necessary to fund current operations or implement our plans for growth; changes in the competitive environment in our industry and the markets where we operate; our ability to access the capital markets; and other risks discussed in the Company's filings with the U.S. Securities and Exchange Commission, including our Annual Report on Form 10-K, which filings are available from the SEC. We caution you not to place undue reliance on any forward-looking statements, which are made as of the date of this press release. We undertake no obligation to update publicly any of these forward-looking statements to reflect actual results, new information or future events, changes in assumptions or changes in other factors affecting forward-looking statements, except to the extent required by applicable laws. If we update one or more forward-looking statements, no inference should be drawn that we will make additional updates with respect to those or other forward-looking statements. Investors and security holders are urged to carefully review and consider each of SmartMetric Inc. public filings with the SEC, including but not limited to, if applicable, Annual Reports on Form 10-K, proxy statements, Current Reports on Form 8-K and Quarterly Reports on Form 10-Q.