Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label IDEMIA. Show all posts

Flaw in IDEMIA Biometric Readers Enables Intruders to Unlock Doors

 

To unlock doors and turnstiles, a significant vulnerability affecting various IDEMIA biometric identity devices can be exploited. 

If the TLS protocol is not enabled, an attacker on the system can transmit particular commands without verification to unlock doors or turnstiles that are directly controlled by a vulnerable device. 

According to an advisory issued by IDEMIA, a France-based tech business that specialises in identity-related physical security services, the attacker may potentially use the bug to trigger a denial of service (DoS) condition by sending a reboot order to the susceptible device. 

The issue was discovered by researchers at Positive Technologies, a Russian cybersecurity firm that was sanctioned by the US last year for potential ties to Russian intelligence. It has a CVSS score of 9.1 and yet no CVE identification number has been issued for it until now. 

MorphoWave Compact MD/MDPI/MDPI-M, VisionPass MD/MDPI/MDPI-M, all variants of SIGMA Lite/Lite+/Wide, SIGMA Extreme, and MA VP MD are among the products affected. 

Critical infrastructure sites, financial institutions, healthcare organisations, and colleges are among the institutions that depend on vulnerable IDEMIA biometric identification devices. 

IDEMIA stated, “Activation, proper configuration of TLS protocol and installation of the TLS certificate on the device fixes the aforementioned vulnerability,” 

To entirely eliminate the danger of biometric identification circumvent, the business aims to make TLS the default in future firmware versions for vulnerable devices. 

Vladimir Nazarov, head of ICS Security at Positive Technologies, said, “The vulnerability has been identified in several lines of biometric readers for the IDEMIA ACS equipped with fingerprint scanners and combined devices that analyze fingerprints and vein patterns. An attacker can potentially exploit the flaw to enter a protected area or disable access control systems.”