Vulnerabilities Found in Hybrid Biometric Terminal Produced by Chinese Manufacturer ZKTeco

All findings were proactively shared with the manufacturer before public disclosure.

Researchers have identified 24 vulnerabilities in the hybrid biometric terminal produced by Chinese manufacturer ZKTeco. According to the cybersecurity company Kaspersky, by adding random user data to the database or using a fake QR code, a threat actor can easily bypass the verification process and gain unauthorized access. Attackers can also steal and leak biometric data, remotely manipulate devices, and deploy backdoors.

### High-Security Facilities Worldwide at Risk

High-security facilities worldwide are at risk if they use this vulnerable device, researchers warned. “In addition to replacing the QR code, there is another intriguing physical attack vector. If someone with malicious intent gains access to the device’s database, they can exploit other vulnerabilities to download a legitimate user’s photo, print it, and use it to deceive the device’s camera to gain access to a secured area,” said Georgy Kiguradze, Senior Application Security Specialist at Kaspersky.

### Biometric Readers Used in Diverse Sectors

The biometric readers in question are widely used across diverse sectors, from nuclear or chemical plants to offices and hospitals. These devices support face recognition and QR-code authentication, along with the capacity to store thousands of facial templates.

### Urgency of Patching Vulnerabilities

All findings were proactively shared with the manufacturer before public disclosure, the researchers mentioned. “All the factors underscore the urgency of patching these vulnerabilities and thoroughly auditing the device’s security settings for those using the devices in corporate areas,” said Kiguradze.

Published On Jun 12, 2024 at 08:32 AM IST
