Popular Chinese biometric terminals from ZKTeco, which are installed at specially protected facilities such as nuclear power plants and large enterprises, have been found to be highly vulnerable to attack. Attackers can exploit the vulnerabilities to gain physical access to the facility, steal or replace employee biometric data, or plant spyware in the infrastructure.
ZKTeco terminals support four methods of user authentication: biometric (face recognition), password, electronic pass card, or QR code. They can store the biometric data of thousands of people, and an attack on even one terminal can lead to a disaster.
Kaspersky Lab has identified 24 such vulnerabilities.
In particular, attackers could upload their own data to the terminal database under the guise of employees and then pass through turnstiles or doors. The same group of vulnerabilities also allowed executable files to be replaced, which potentially makes it possible to plant a backdoor.
In addition, attackers could inject their own data into a QR code to access areas where authorization is required. When the terminal processes a request containing such a malicious QR code, the database mistakenly identifies it as originating from the most recently authorized legitimate user. An outsider could thus enter the facility, with the biometric terminal accepting them as a real employee.
Finally, some vulnerabilities allowed arbitrary commands or code to be executed on the device, giving the attacker complete control at the highest privilege level. This means the terminal can be used to launch attacks on other network nodes, putting the entire corporate infrastructure at risk.
All vulnerabilities were grouped and registered, and the manufacturer was immediately notified of the problems.
To prevent attacks using the listed vulnerabilities, Kaspersky Lab advises enterprises that use these and similar terminal models to:
- isolate the terminals in a separate network segment;
- use strong administrator passwords and always replace the default ones;
- review and harden the device security settings, enabling the thermal sensors on the biometric terminal to prevent authentication with a photograph;
- minimize the use of QR codes;
- update the firmware regularly.