Sure, Connect ABC Device to the Internet!!??
It is amazing how many companies are creating devices that connect to the Internet and thereby open those devices up to a variety of attacks.
Note the following from the MWR Labs blog:
The default root password was disclosed by Packetstorm last year, on January 12th, 2016.
Log in to telnet with the credentials: root / founder88
Did you read that correctly? Yes, last year.
This biometric hardware by Fingertec does not operate like a traditional machine: it is ‘updated’ and gets its intelligence from the ‘cloud’, which means it is on the Internet.
This means that you are exposing this device to the hackers and wily operators of the world.
The problem is that the managers who decide to purchase and install these devices are not thinking about security at all.
In fact, because of preconceived notions such as "it will not happen to us", "we are too small" and "we have nothing to steal", among other excuses, cybersecurity is not thought about.
They do not understand the implications of Fingertec's clear-text TCP/IP communications. To a seasoned hacker (security professional), the device will take a little effort but can be breached rather quickly, especially if basic precautions, like changing default passwords, are not taken.
PCI compliance requires default passwords to be changed, but do we really have to wait for PCI compliance to require biometric devices to have encrypted communications over the Internet?
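One way to see whether a terminal like this is actually reachable over telnet is to audit firewall flow logs for connections to it. The script below is an added example, not code from the original post, MWR Labs or Fingertec; the device addresses, the CSV log format and the flow records are constructed assumptions.

```python
import csv
import io
import ipaddress

# Assumption: addresses of the site's biometric terminals (constructed).
DEVICES = {"10.20.0.15", "10.20.0.16"}
TELNET_PORT = 23  # the clear-text service named in the post
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed firewall flow records in a hypothetical CSV export format.
SAMPLE_FLOWS = """\
ts,src,dst,dport,action
2017-03-01T08:00:02Z,10.20.0.50,10.20.0.15,23,allow
2017-03-01T08:01:10Z,203.0.113.77,10.20.0.15,23,allow
2017-03-01T08:01:12Z,203.0.113.77,10.20.0.16,23,deny
2017-03-01T08:02:30Z,198.51.100.9,10.20.0.16,443,allow
2017-03-01T08:03:00Z,198.51.100.9,10.20.0.99,23,allow
"""

def is_internal(addr):
    """True if addr falls in one of the site's internal ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def audit_flows(flow_csv, devices=DEVICES):
    """Return (severity, src, dst, port) for telnet flows to inventoried devices."""
    findings = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        port = int(row["dport"])
        if row["dst"] not in devices or port != TELNET_PORT:
            continue
        external = not is_internal(row["src"])
        allowed = row["action"] == "allow"
        if external and allowed:
            severity = "EXPOSED"        # Internet host reached telnet
        elif external:
            severity = "BLOCKED"        # attempt stopped at the firewall
        elif allowed:
            severity = "CLEARTEXT-LAN"  # credentials cross the LAN unencrypted
        else:
            continue
        findings.append((severity, row["src"], row["dst"], port))
    return findings

def exposed_devices(findings):
    """Devices whose telnet service accepted a connection from outside."""
    return sorted({dst for sev, _, dst, _ in findings if sev == "EXPOSED"})

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding)
```

Any device returned by exposed_devices() should have telnet blocked at the perimeter and its default password changed.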
What if you have biometric devices? Are they connected to the Internet? Maybe they are vulnerable. Contact us to help you with vulnerability analysis.