{"id":11199,"date":"2026-01-27T07:12:24","date_gmt":"2026-01-27T07:12:24","guid":{"rendered":"https:\/\/techtrendfeed.com\/?p=11199"},"modified":"2026-01-27T07:12:24","modified_gmt":"2026-01-27T07:12:24","slug":"entry-system-flaws-enabled-hackers-to-unlock-doorways-at-main-european-companies","status":"publish","type":"post","link":"https:\/\/techtrendfeed.com\/?p=11199","title":{"rendered":"Access System Flaws Enabled Hackers to Unlock Doors at Major European Firms"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><strong>Vulnerabilities found by researchers in Dormakaba physical access control systems could have allowed hackers to remotely open doors at major organizations.<\/strong><\/p>\n<p>The security holes were found by experts at SEC Consult, a cybersecurity consulting firm under Atos-owned Eviden, in Dormakaba\u2019s Exos central management software, a hardware access manager, and registration units that enable access via a keypad, fingerprint reader, or chip card.<\/p>\n<p>Several types of vulnerabilities were <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/sec-consult.com\/blog\/detail\/hands-free-lockpicking-critical-vulnerabilities-in-dormakabas-physical-access-control-system\/\">identified<\/a>, including hardcoded credentials and encryption keys, weak passwords, lack of authentication, insecure password generation, local privilege escalation, data exposure, path traversal, and command injection issues.<\/p>\n<p>The vulnerable product is mainly used by large enterprises in Europe, including industrial firms, energy suppliers, logistics companies, and airport operators.\u00a0<\/p>\n<p>Exploitation of the flaws identified by SEC Consult researchers could have allowed threat actors to directly unlock doors, obtain access PINs, or conduct further attacks in the compromised environment.\u00a0<\/p>\n<p>\u201cJust a few thousand clients had been 
probably affected, with a small subset having high-security necessities,\u201d Dormakaba told <em>SecurityWeek<\/em>.\u00a0<\/p>\n<p>In total, more than 20 vulnerabilities were found and reported to the vendor, which over the past year and a half has been working to release patches and hardening guidelines.\u00a0<\/p>\n<p>Dormakaba has also been working with major customers to ensure that their access systems are no longer vulnerable.\u00a0<\/p>\n<p>According to the vendor, \u201cTo take advantage of the vulnerabilities, an attacker wants prior entry to the customer-specific infrastructure (community or hardware). Because of this, exploitation would solely be doable from inside the buyer\u2019s personal protected community.\u201d<\/p>\n<p>However, SEC Consult has identified several dozen internet-exposed systems that were vulnerable and could have been targeted by hackers to open doors directly from the web.\u00a0<\/p>\n<p>Dormakaba said that it is \u201cnot conscious of any circumstances the place the recognized vulnerabilities have been exploited.\u201d<\/p>\n<p>The cybersecurity firm has published a video showing how an attacker could have exploited the vulnerabilities to open doors using specially crafted requests:<\/p>\n<figure class=\"wp-block-embed aligncenter is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\">\n<div class=\"jeg_video_container jeg_video_content\"><iframe loading=\"lazy\" title=\"Dormakaba proof of concept opening a relay \/ door without authentication\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/xIIGdcvzzPA?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" 
referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n<\/figure>\n<p><strong>Related<\/strong>: <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/payment-system-vendor-took-year-to-patch-infinite-card-top-up-hack-security-firm\">Payment System Vendor Took Year+ to Patch Infinite Card Top-Up Hack: Security Firm<\/a><\/p>\n<p><strong>Related<\/strong>: <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/researcher-says-healthcare-facilitys-doors-hackable-for-over-a-year\/\">Researcher Says Healthcare Facility\u2019s Doors Hackable for Over a Year<\/a><\/p>\n<p><strong>Related<\/strong>: <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/organizations-slow-to-protect-doors-against-hackers-researcher\/\">Organizations Slow to Protect Doors Against Hackers: Researcher<\/a>\n\t\t\t<\/p>\n<\/div>\n\n","protected":false},"excerpt":{"rendered":"<p>Vulnerabilities found by researchers in Dormakaba physical access control systems could have allowed hackers to remotely open doors at major organizations. 
The security holes were found by experts at SEC Consult, a cybersecurity consulting firm under Atos-owned Eviden, in Dormakaba\u2019s Exos central management software, a hardware access manager, and registration [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":11201,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[539,2602,7576,4012,1018,1812,554,967,849,791],"class_list":["post-11199","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-access","tag-doors","tag-enabled","tag-european","tag-firms","tag-flaws","tag-hackers","tag-major","tag-system","tag-unlock"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/11199","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11199"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/11199\/revisions"}],"predecessor-version":[{"id":11200,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/11199\/revisions\/11200"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/11201"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11199"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11199"},{"taxonomy":"post_tag",
"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11199"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}