By Ionut Arghire on January 17, 2022
A critical vulnerability impacting multiple IDEMIA biometric identification devices can be exploited to unlock doors and turnstiles.
Because of this security defect, if the TLS protocol is not activated, an attacker in the network can send specific commands without authentication to open doors or turnstiles directly operated by a vulnerable device.
The attacker could also exploit the bug to cause a denial of service (DoS) condition by sending a reboot command to the vulnerable device, according to an advisory published by IDEMIA, a France-based tech company that specializes in identity-related physical security services.