No Entry: How Attackers Can Sneak Past Facial Recognition Devices

facial recognitionThe global pandemic had pushed enterprises around the world to rethink the way their offices operate. In this new age of social distancing, how can big groups safely work together? How can a business reduce their employees’ exposure to the virus? One policy that many are implementing is installing hands-free access control at company entry points to reduce contact employees may have with contaminated surfaces. Of course, access control management requires powerful tools to manage the authentication quickly and efficiently, so many companies are turning to edge computing devices.

Edge computing is a relatively new term — it simply means that higher powered resources are closer to the devices at the “edge” of the network (like IP cameras that take images for access control) to reduce lag and increase efficiency. This is in contrast to a cloud-oriented internet of things (IoT) system where many low-powered devices at the edge of the network collect data and send it to a cloud solution that processes the data and gives commands. Edge computing devices are already in use in many different industries — trucks are equipped with devices that monitor and maintain temperature and environment; factory automation systems are starting to use high-powered devices; even modern elevators have adopted edge computing solutions.

How Secure are Access Control Devices?

Access control devices manage entry and exit into an enterprise’s premises. As mentioned above, many businesses are looking into contactless entry solutions, mainly turning to edge devices that use facial recognition or small devices like RFID cards. These devices serve as the first line of defense for keeping intruders out of offices, which can be subject to many different types of attacks. We analyze different ways an intruder can trick or hack into facial recognition access control devices:

Using static images. There are some access control devices that are simply susceptible to static images, like an image on a phone. This is a critical weakness because of the availability of personal images on social media. If an attacker knows the name of an employee of the targeted company, they may be able to find clear images of their face online.

Using product information on the device. Many devices have important information printed directly onto them, for example, serial numbers or manufacturer designations. Hackers can use this information to gain further access into devices, possibly allowing them to steal the password and manipulate the door control.

Using exposed ports. Access control devices are often tablets that have ports for the transfer of information or power. Many have solid cases that protect the tablets from tampering, but there are a few that leave ports exposed. If a USB port is left exposed to a hacker, they could gain access to the door controls. They could also gain deeper access to the device and download data like images and user names, or add a new user to the device and give them access to company premises.

Listening in on communications. Most of the access control devices are linked and managed through a server and custom software from the manufacturer. Communication between device and server is easily intercepted and manipulated if it is not encrypted or secured, allowing a threat actor to harvest data such as user images and details. Also, a hacker can impersonate the server and force updates on devices, and add new users or install new administrators for the device.

Device security and protection

Compared to ordinary smart devices, edge computing devices are more powerful and can even hold valuable data. Access control devices in particular play an important role in enterprise security, and a successful attack can have serious consequences. To help companies mitigate such attacks, we have some recommendations on how to secure these machines:

  • Check if ports are exposed and ensure that communication is secure. Cybersecurity has to be top of mind when choosing an access control device.
  • Since many of these devices deploy widely used hardware and software, an enterprise should be on top of vulnerabilities that affect their devices. Always install the latest security updates as soon as they’re available.
  • Access control devices are usually placed in public areas. It is important to physically secure the device to make sure no one can access any ports or see sensitive information printed on the device.
  • Enterprises can also install endpoint protection on devices to protect them from vulnerabilities and cyberattacks. Deep packets inspection products, such as Trend Micro Deep Discovery Inspector™, can help prevent an attacker trying to impersonate the edge device or server. These network monitoring products can also help to identify and prevent unauthorized network traffic from unknown network endpoints.
HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.