Using Fingerprints At Food Kiosks? There Are Risks.

Brian Krebs breaks story that Avanti, a self-service food kiosk vendor, was hacked.

Avanti Markets, a vendor with "micro markets" in many corporate offices throughout the United States, has had a data breach believed to involve credit card and biometric data.

See more from Brian's article. An interesting twist to this data breach is that biometric data was likely stolen. Unlike other pieces of your identity, fingerprints cannot be changed, and so should always be stored in encrypted form.

According to a link in an article on Avanti Market's web site, Fun Facts: Your Fingerprints, Avanti uses digitalPersona's U.are.U 4500 USB Fingerprint Reader.

digitalPersona U.are.U 4500 USB Finger Print Reader

It is unclear to me how many of these may be in use, but it is not a small firm. It was acquired by another company in the authentication space, CrossMatch.

Wherever the reader is used, if the data stored isn't protected, your prints could be used if the systems relying on them or infrastructure serving them is compromised.

Avanti claims to use data encryption by implementing Virtual Private Network tunnels yet, according to Brian's article, it's possible that about half of the self-checkout systems do not have point to point encryption to protect the data.

Avanti Markets Security

Bottom line, think twice before using the convenience of a fingerprint reader at a Kiosk. Passwords, credit cards, even with some difficulty, names can be changed if absolutely necessary, but you're pretty much stuck with your fingerprints.

comments powered by Disqus