On the edge with access control devices


Edge computing has been around longer than people think in many building access control devices that use biometrics. In particular, facial recognition devices have become popular with building management recently. These devices determine who can enter a secured premises or not. Taking a deep dive into the security posture of these devices, we discovered leakage of sensitive data and we were able to bypass the security of some of these devices completely. In some cases, these facial recognition access control devices opened the door for us with the camera not even seeing a face.

These access control devices are an example of a new computing paradigm called edge computing. It is a computing architecture designed to bring compute nodes and resources closer to the actual sensors and actuators at the edges of the network, which enables these devices to perform computations and take decisions based solely on the local input, without needing to wait for instructions from an external service.

Migrating the bulk of the computing tasks to the edge introduces risks that were previously not viable with cloud computing. Edge computing nodes are more prone to physical attacks, as they are often located closer to the sensors in the field. Gaining physical access to edge devices also risks access to the rest of the enterprise network, as well as increase the chance of theft of edge nodes, which can contain machine learning models and business logic.

In this research, we showcase several vulnerabilities in edge-based access control devices that are tightly linked to the new device architecture. By exploiting said vulnerabilities we will show how a malicious actor could easily break the physical security of your building and accessing restricted areas by adding unauthorized users, escalating to device administrator, or exfiltrating sensitive enterprise data. Additionally, we included some guidelines in order to help mitigate the security risks introduces by these devices.

Dr. Vincenzo Ciancaglini

Dr. Vincenzo Ciancaglini earned a M.Sc. in Telecommunications Engineering from the Politecnico of Turin and a M.Sc. in Electrical Engineering, Wireless Systems, from the Royal Institute of Technology in Stockholm, Sweden. For several years, he worked as a developer at a travel IT company in Sophia Antipolis, France. During this period, he also took part in the formation of a research and innovation lab within his company, where he was responsible for analysing new upcoming technologies and their potential business developments. From 2009-2013, he obtained his PhD from the National Research Institute in Automation and Computer Science (INRIA) in Sophia Antipolis, with a thesis about peer-to-peer networks interoperability and next-generation internet protocols. Since 2012, he has worked at Trend Micro as a research scientist and senior threat researcher within the Forward-Looking Threat Research team in Trend Micro Research. His duties on the team spans from the development of new data analytics prototypes to identify new upcoming threats, analysis of darknet and underground forums to the research to the research of IOT vulnerabilities.