CySecurity News – Latest Information Security and Hacking Incidents
To unlock doors and turnstiles, a significant vulnerability affecting various IDEMIA biometric identity devices can be exploited.
If the TLS protocol is not enabled, an attacker on the system can transmit particular commands without verification to unlock doors or turnstiles that are directly controlled by a vulnerable device.
According to an advisory issued by IDEMIA, a France-based tech business that specialises in identity-related physical security services, the attacker may potentially use the bug to trigger a denial of service (DoS) condition by sending a reboot order to the susceptible device.
The issue was discovered by researchers at Positive Technologies, a Russian cybersecurity firm that was sanctioned by the US last year for potential ties to Russian intelligence. It has a CVSS score of 9.1 and yet no CVE identification number has been issued for it until now.
MorphoWave Compact MD/MDPI/MDPI-M, VisionPass MD/MDPI/MDPI-M, all variants of SIGMA Lite/Lite+/Wide, SIGMA Extreme, and MA VP MD are among the products affected.
Critical infrastructure sites, financial institutions, healthcare organisations, and colleges are among the institutions that depend on vulnerable IDEMIA biometric identification devices.
IDEMIA stated, “
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: