Security vulnerabilities have been identified in ZKTeco hybrid biometric terminals, manufactured by ZKTeco. These vulnerabilities pose a significant risk to security and data protection.

Description

Security experts and researchers have discovered critical vulnerabilities in ZKTeco hybrid biometric terminals, produced by Chinese manufacturer ZKTeco [1]. These vulnerabilities include physical bypass via fake QR codes, SQL injection attacks [2] [4] [6] [7], exploitation of SSH on non-standard ports with correct credentials, and the ability for threat actors to bypass verification processes by adding random user data or using a fake QR code. This could potentially lead to authentication bypass, physical access violations [3], network breaches [3] [4], and leaks of biometric data [1] [2] [5]. Attackers could also remotely manipulate devices, deploy backdoors [1] [2] [5], and gain full control over the device [2], with the potential to steal and leak biometric data. The flaws in the protocol authentication method and ‘standalonecomm’ service documentation may grant attackers full privileges, allowing them to access sensitive user data [2], alter databases [2], execute arbitrary commands [2], and gain full control over the device [2]. The biometric terminal supports various authentication methods such as biometrics, passwords [3] [6] [7], electronic passes [3], and QR codes [3] [4], with administrator privileges granting access to settings and user management [3]. The device supports face recognition and QR-code authentication [1] [5], with the capacity to store thousands of facial templates [1]. To enhance security, it is recommended to isolate biometric readers on separate network segments, use robust administrator passwords [7], and regularly audit security settings. Hardware security modules and advanced encryption technologies can protect databases from unauthorized access. While biometric data like faces, fingerprints [7], and iris scans are difficult to forge [7], detecting deepfake voices remains a challenge in biometric authentication [7]. The vulnerabilities in the biometric terminal pose a significant risk to high-security facilities worldwide, with potential impacts ranging from selling stolen biometric data on the dark web to covertly infiltrating enterprise networks for cyberespionage or sabotage [2]. All findings were shared with the manufacturer before public disclosure [1] [5], emphasizing the urgency of patching these vulnerabilities and auditing the device’s security settings for those using it in corporate areas [1] [5].

Conclusion

The identified vulnerabilities in ZKTeco hybrid biometric terminals highlight the importance of robust security measures to protect sensitive data. Mitigations such as isolating biometric readers, using strong passwords, and regular security audits are essential to prevent unauthorized access. Future implications include the need for advanced encryption technologies and improved authentication methods to enhance security in high-risk environments.

References

[1] https://easternmirrornagaland.com/24-bugs-in-chinese-biometric-device-can-compromise-data/
[2] https://securityreviewmag.com/?p=26833
[3] https://www.technadu.com/24-vulnerabilities-affect-popular-biometric-terminal/532169/
[4] https://cybermaterial.com/zkteco-biometric-security-risks/
[5] https://www.sentinelassam.com/more-news/international/24-bugs-in-chinese-biometric-device-can-compromise-data-researchers
[6] https://voi.id/en/technology/389415
[7] https://www.darkreading.com/vulnerabilities-threats/scores-of-biometrics-bugs-emerge-highlighting-authentication-risks