
Positive Technologies Uncovers Vulnerability in IDEMIA Biometric Identification Devices That Can Unlock Doors and Turnstiles

14 January, 2022
The problem concerns IDEMIA biometric readers designed to organize access control, in which privileged commands can be executed via the management protocol.

Jan. 14, 2022 - Positive Technologies researchers Natalya Tlyapova, Sergey Fedonin, Vladimir Kononovich and Vyacheslav Moskvin have discovered a critical vulnerability (VU-2021-004) in IDEMIA biometric identification devices used in the world's largest financial institutions, universities, healthcare organizations and critical infrastructure facilities. By exploiting the flaw, which received a score of 9.1 on the CVSS v3 scale, attackers can unlock doors and turnstiles. Researchers say the forced use of TLS for the management protocol will help eliminate the risk of biometric identification bypass.

“The vulnerability has been identified in several lines of biometric readers for the IDEMIA ACS [1] equipped with fingerprint scanners and combined devices that analyze fingerprints and vein patterns,” explains Vladimir Nazarov, Head of ICS Security, Positive Technologies. “An attacker can potentially exploit the flaw to enter a protected area or disable access control systems.” A remote attacker can use the following commands without authentication:

  • trigger_relay to unlock a door or turnstile if they are directly controlled by the terminal
  • terminal_reboot to cause a denial of service

To eliminate the vulnerability, enable and correctly configure the TLS protocol according to Section 7 of the IDEMIA Secure Installation Guidelines. In future firmware versions, IDEMIA will make TLS activation mandatory by default. Below is a list of devices affected by this vulnerability:

  • MorphoWave Compact MD
  • MorphoWave Compact MDPI
  • MorphoWave Compact MDPI-M
  • VisionPass MD
  • VisionPass MDPI
  • VisionPass MDPI-M
  • SIGMA Lite (all versions)
  • SIGMA Lite+ (all versions)
  • SIGMA Wide (all versions)
  • SIGMA Extreme
  • MA VP MD

In July 2021, IDEMIA fixed three vulnerabilities discovered by Positive Technologies experts.

About Positive Technologies

Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection. Commitment to clients and research has earned Positive Technologies a reputation as one of the foremost authorities on Industrial Control System, Banking, Telecom, Web Application, and ERP security, supported by recognition from the analyst community.
