Knock, Knock: Aiphone Bug Allows Cyberattackers to Literally Open (Physical) Doors
"The same basic security best practices we apply to IT equipment need to be extended to these systems in a consistent manner." For instance, "storing passwords in a plaintext file is something that should be avoided for obvious reasons," he says.

Hicks adds that there are many IoT devices whose compromise would not create much of a security issue — but access control systems are not one of them. ...

"It is especially easy to make security gaffes, because security is usually not their area of expertise, and in many cases it does not directly improve the user experience."

Roger Grimes, data-driven defense evangelist at KnowBe4, is harsher, and says the vulnerability suggests that Aiphone did not even do basic threat modeling. "It makes me suspicious of their entire design, security-wise," he says.

CVEs: CVE-2022-40903

[View Article](https://www.darkreading.com/iot/knock-knock-aiphone-bug-allows-cyberattackers-to-literally-open-physical-doors)