Live
- Afghanistan: Massive arms haul unearthed in Uruzgan province
- India witnessing unprecedented transformation in infra, logistics sectors: Rajnath Singh
- Monsoon session of Madhya Pradesh Assembly set to begin tomorrow
- 4th Test: Gill has stood up in toughest moments for India, says Ponting
- Bengal LoP accuses Mamata govt of appointing temporary employees as BLOs
- Thailand, Cambodia agree to meet for ceasefire talks
- Laos urges vigilance as dengue risk rises amid persistent rainfall
- Workers stage protests over unpaid wages in Bangladesh
- Opposition leads in Booth Level Agent appointments during Bihar’s SIR drive
- Gill equals Bradman record with fourth ton as Test captain
24 bugs in Chinese biometric device can compromise data
Researchers have identified 24 vulnerabilities in the hybrid biometric terminal produced by Chinese manufacturer ZKTeco.
New Delhi : Researchers have identified 24 vulnerabilities in the hybrid biometric terminal produced by Chinese manufacturer ZKTeco.
According to the cybersecurity company Kaspersky, by adding random user data to the database or using a fake QR code, a threat actor can easily bypass the verification process and gain unauthorised access. Attackers can also steal and leak biometric data, remotely manipulate devices, and deploy backdoors.
High-security facilities worldwide are at risk if they use this vulnerable device, researchers warned. "In addition to replacing the QR code, there is another intriguing physical attack vector. If someone with malicious intent gains access to the device’s database, they can exploit other vulnerabilities to download a legitimate user’s photo, print it, and use it to deceive the device’s camera to gain access to a secured area," said Georgy Kiguradze, Senior Application Security Specialist at Kaspersky.
As per the researchers, the biometric readers in question are widely used in areas across diverse sectors such as nuclear or chemical plants to offices and hospitals. These devices support face recognition and QR-code authentication, along with the capacity to store thousands of facial templates.
All findings were proactively shared with the manufacturer before public disclosure, the researchers mentioned. "All the factors underscore the urgency of patching these vulnerabilities and thoroughly auditing the device's security settings for those using the devices in corporate areas,” said Kiguradze.
