[palkeo]

> Something I wonder about, given network access (over the wifi?) could you upload a valid unprocessed raw fingerprint using the unvalidated "restore backup" function to trick the software into logging some valid user's fingerprint was present, gaining access to the facility?

On the admin interface (that's not protected by a password, as we have shown), there is a link « open door », so all this is unnecessary, you can just open the door by a simple HTTP request.

> I would imagine that messing with the machine could be logged, but luckily it appears pretty easy to overwrite local logs with this machine.

Nope, the « normal » accesses are logged, but for the web interface and everything, there isn't any log.