Exposed AMS Systems Risk Unauthorised Access To Buildings And Infrastructure

A major security problem has been uncovered that affects thousands of companies worldwide, putting both employee privacy and physical security at risk.

A report from cybersecurity firm Modat reveals that security systems used by many organizations—known as Access Management Systems (AMS)—have been left exposed on the internet due to misconfigurations.

This leaves sensitive employee data and access to restricted areas vulnerable to cyberattacks. The research shows that critical industries like construction, healthcare, education, manufacturing, oil, and government sectors are affected.

The exposed data includes personal information, such as IDs, photos, biometric details, and work schedules, along with access to buildings and secure areas. This could allow unauthorized people to enter restricted areas and steal sensitive data.

One of the biggest concerns was that some of these exposed systems let attackers change employee information—like photos and biometric data—giving them access to buildings.

Another problem was with vehicle access control systems, which could be altered to allow specific cars into secure areas, such as government or corporate buildings.

Bleeping Computer highlights that exposed AMS pose serious physical security risks, especially in government buildings and critical infrastructure like power stations and water treatment facilities.

In addition to these physical security threats, the exposed data could be used to fuel spear-phishing and social engineering attacks targeting the affected organizations, said Bleeping Computer.

The Modat team found that many of these security problems are concentrated in Europe, the U.S., and parts of the MENA region (Middle East and North Africa).

Italy had the highest number of exposed systems, with more than 16,000, followed by Mexico with 5,940, and Vietnam with over 5,000. The U.S. had nearly 2,000 exposed systems, and while Canada and Japan showed fewer vulnerabilities, they still posed significant risks.

Modat’s investigation found more than 49,000 exposed AMS systems across the world. They’ve reached out to the affected organizations, warning them about the risks and providing advice on how to fix the issues.

Modat advises companies to protect their security systems by blocking outside access with firewalls, updating their software regularly, and limiting who can access sensitive information to prevent unauthorized entry.