Organizations across various industries around the world are facing a privacy and physical security risk with misconfigurations observed in more than 49,000 online access management systems (AMS) leveraged for controlling employee access to their facilities, reports BleepingComputer.
Nearly 2,000 of the exposed AMS instances were in the U.S., far fewer than the vulnerable systems found in Italy, Mexico, and Vietnam, according to an investigation from cybersecurity firm Modat.
Information revealed by the internet-exposed AMS instances included employees' personal identification details, biometrics, and photographs, as well as access logs and work schedules. Aside from exposing information that attackers could leverage for spear-phishing and social engineering attacks, AMS access could also let attackers modify employee records and access credentials, threatening organizations' physical security.
Such findings should prompt AMS owners and admins to use VPNs and firewalls, replace default admin credentials, encrypt personally identifiable information and biometric details, and keep firmware and software up to date.