Positive Technologies researchers have uncovered a critical vulnerability in IDEMIA biometric identification devices. By exploiting the flaw, attackers can unlock doors and turnstiles.
IDEMIA biometric identification devices are used in the world’s largest financial institutions, universities, healthcare organizations, and critical infrastructure facilities. Natalya Tlyapova, Sergey Fedonin, Vladimir Kononovich, and Vyacheslav Moskvin have discovered a critical vulnerability (VU-2021-004) in the devices. By exploiting it, threat actors can unlock doors and turnstiles.
“The vulnerability has been identified in several lines of biometric readers for the IDEMIA ACS equipped with fingerprint scanners and combined devices that analyze fingerprints and vein patterns,” explains Vladimir Nazarov, Head of ICS Security at Positive Technologies.
“An attacker can potentially exploit the flaw to enter a protected area or disable access control systems,” he added.
The list of devices affected by this vulnerability:
· MorphoWave Compact MD
· MorphoWave Compact MDPI
· MorphoWave Compact MDPI-M
· VisionPass MD
· VisionPass MDPI
· VisionPass MDPI-M
· SIGMA Lite (all versions)
· SIGMA Lite+ (all versions)
· SIGMA Wide (all versions)
· SIGMA Extreme
· MA VP MD
To eliminate the vulnerability, enable and correctly configure the TLS protocol according to Section 7 of the IDEMIA Secure Installation Guidelines. In future firmware versions, IDEMIA will make TLS activation mandatory by default.
More from CyberNews:
Stolen TikTok videos on YouTube Shorts lead to adult dating sites
The BlueNoroff hacking group is after crypto startups
North Korean hackers stole $400 million in cryptocurrency in 2021
Malicious hackers exploit Adobe to harvest credentials
Subscribe to our newsletter
