"What Dangerous Security Vulnerabilities Can Access Control Systems Have?"

Many access control systems that use facial recognition technology are insecure. They can be breached, deceived, and shown a person's photo on the phone screen rather than their actual face. A typical access control system consists of a device in a metal case with a screen and a front-facing camera aimed at the visitor. Face recognition occurs within the device. Photos taken during the authentication process are not transmitted to a central server. The tablet's processor power is sufficient to perform recognition on its own. A typical deployment architecture includes several of such devices and a central server that synchronizes the user base across devices. There are several vulnerabilities that can come into play here. The device is protected from physical interference by its metal case, but an open USB port can ruin everything. Its purpose is to service the device, but malicious actors can connect their devices and use them to install spyware or run malicious code. Another widespread issue is the device's firmware, which is sometimes based on an old version of Android from several years ago. Many security-related improvements have been made to the operating system over the years. One of the primary reasons devices are breached is because of operating system vulnerabilities. Many access control systems still use HTTP to communicate between the device and the server. All information is sent in clear text and can be intercepted. Administrative commands are also sent in plain text. An attacker with access to the network to which the tablet is connected can intercept network traffic between the access control system and the server, and obtain the information required to carry out attacks. Hackers can register a user, give that user an administrator role, delete that user, and begin synchronization. Some developers exacerbate the vulnerability by creating a completely ineffective device authentication procedure. This article continues to discuss the potential security vulnerabilities faced by access control systems. 

BetaNews reports "What Dangerous Security Vulnerabilities Can Access Control Systems Have?"