Flaw Found in Biometric ID Devices

A critical vulnerability has been discovered in more than ten devices that use biometric identification to control access to protected areas.

The flaw can be exploited to unlock doors and open turnstiles, giving attackers a way to bypass biometric ID checks and physically enter controlled spaces. Acting remotely, threat actors could use the vulnerability to run commands without authentication to unlock a door or turnstile or trigger a terminal reboot so as to cause a denial of service.

Positive Technologies researchers Natalya Tlyapova, Sergey Fedonin, Vladimir Kononovich, and Vyacheslav Moskvin found the flaw, which impacts 11 biometric identification devices made by IDEMIA. 

The team said that the impacted devices are in use in the "world's largest financial institutions, universities, healthcare organizations, and critical infrastructure facilities." 

The critical vulnerability (VU-2021-004) has received a score of 9.1 out of 10 on the CVSS v3 scale, with 10 being the most severe.

“The vulnerability has been identified in several lines of biometric readers for the IDEMIA ACS [access control system] equipped with fingerprint scanners and combined devices that analyze fingerprints and vein patterns,” said Vladimir Nazarov, head of ICS Security at Positive Technologies. 

He added: “An attacker can potentially

Read More: https://www.infosecurity-magazine.com/news/flaw-found-in-biometric-id-devices/