A recent study conducted by Dutch IT security consultancy Modat has revealed alarming vulnerabilities in over 49,000 access management systems (AMS) worldwide.
These systems, designed to control and secure access to buildings and sensitive areas, are reportedly plagued by misconfigurations that leave them exposed to cybercriminals.
The findings underscore a global issue affecting industries such as healthcare, government, education, manufacturing, and oil production.
Access management systems authenticate users through methods like passwords, biometrics, or multi-factor authentication and regulate access rights based on predefined policies.
However, the study highlights two critical risks stemming from misconfigured AMS: unauthorized physical access to facilities and exposure of sensitive data.
The compromised systems reportedly allowed access to highly sensitive information, including employee names, identification numbers, biometric data, vehicle license plates, access card details, and even work schedules.
Particularly concerning is the exposure of biometric data in modern AMS platforms, which poses significant risks for identity theft, phishing attacks, and social engineering schemes.
According to the Report, The study identifies Europe, the United States, the Middle East, and North Africa as regions with the highest concentration of vulnerable AMS.
Italy tops the list with 16,678 affected systems, followed by Mexico (5,940) and Vietnam (5,035).
India ranks 10th with approximately 1,070 cases. Notably absent from the top 10 is Germany.
Despite the widespread nature of these vulnerabilities, the report does not specify which manufacturers’ systems are most affected.
This lack of transparency raises questions about accountability and the need for urgent action by vendors and organizations using these systems.
The exposure of such critical infrastructure highlights systemic weaknesses in cybersecurity practices across industries.
As AMS platforms increasingly integrate advanced technologies like biometrics and IoT connectivity, their attack surface expands significantly.
Experts warn that without immediate remediation efforts such as proper configuration protocols and regular security audits, these vulnerabilities could be exploited for large-scale breaches or targeted attacks.
Organizations are urged to prioritize securing their AMS platforms by implementing robust authentication measures and ensuring compliance with global cybersecurity standards.
This incident serves as a stark reminder of the importance of proactive security measures in safeguarding both physical and digital assets.
Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.
Pathfinder AI expands Hunters' vision for AI-driven SOCs, introducing Agentic AI for autonomous investigation and…
A recent technical study conducted by researchers at Trinity College Dublin has revealed that Google…
In a concerning development, cybercriminals are increasingly targeting cloud-based generative AI (GenAI) services in a…
Microsoft has introduced a series of technical recommendations to bolster the security of Virtualization-Based Security…
A sophisticated cyber espionage campaign targeting the aviation and satellite communications sectors in the United…
Microsoft has announced the removal of the Data Encryption Standard (DES) encryption algorithm from Kerberos…