Massive Vulnerability in Apartment Building Access Control System Exposes Hundreds of Buildings
A security researcher discovered a critical vulnerability in the MESH by Viscount apartment building access control system: the default credentials, "freedom:viscount," remain unchanged, exposing hundreds of buildings' access control systems to the internet. Attackers can easily use this vulnerability to remotely register new fobs, disable existing ones, and even completely control building access, obtaining sensitive resident information like names, unit numbers, and phone numbers. The researcher has reported the vulnerability to the manufacturer and obtained a CVE, but the manufacturer hasn't yet taken effective measures to notify affected users. This highlights the importance of IoT security and the significant risk posed by default passwords.