A critical vulnerability has been discovered in more than ten devices that use biometric identification to control access to protected areas.
The flaw can be exploited to unlock doors and open turnstiles, giving attackers a way to bypass biometric identity checks and physically enter controlled spaces. Acting remotely, hackers could use the vulnerability to execute commands without authentication to unlock a door or turnstile or trigger a terminal restart to cause a denial of service.
Positive Technologies researchers Natalya Tlyapova, Sergey Fedonin, Vladimir Kononovich and Vyacheslav Moskvin discovered the flaw, which affects 11 biometric identification devices manufactured by IDEMIA.
The team said the affected devices are used in “the world’s largest financial institutions, universities, healthcare organizations and critical infrastructure”.
The critical vulnerability (VU-2021-004) received a score of 9.1 out of 10 on the CVSS v3 scale, with 10 being the most severe.
“The vulnerability has been identified in several lines of biometric readers for the ACS IDEMIA [access control system] equipped with fingerprint scanners and combination devices that analyze fingerprints and vein patterns,” said Vladimir Nazarov, ICS security manager at Positive Technologies.
He added: “An attacker can potentially exploit the flaw to enter a protected area or disable access control systems.”
The IDEMIA devices affected by the vulnerability are MorphoWave Compact MD, MorphoWave Compact MDPI, MorphoWave Compact MDPI-M, VisionPass MD, VisionPass MDPI, VisionPass MDPI-M, SIGMA Lite (all versions), SIGMA Lite+ (all versions), SIGMA Wide (all versions), SIGMA Extreme and MA VP MD.
Enabling and properly configuring the TLS protocol according to Section 7 of the IDEMIA Secure Installation Guidelines will eliminate the vulnerability.
IDEMIA said it will make enabling TLS mandatory by default in future firmware releases.
This is not the first time that researchers from Positive Technologies have discovered a flaw in IDEMIA devices. In July 2021, IDEMIA fixed three buffer overflows and path traversal vulnerabilities identified by the company’s cybersecurity team.
Under certain conditions, these prior vulnerabilities allowed an attacker to execute code or gain read and write access to any file on the device. IDEMIA has released firmware updates to mitigate these vulnerabilities.