Popular Biometric Terminal Vulnerable To QR Code SQL Injection
A popular hybrid biometric terminal manufactured by ZKTeco has been found to contain several severe vulnerabilities, including a major flaw that allows SQL injection via QR codes.
This discovery raises serious concerns about the security of biometric access control systems, which are widely used in various high-security environments.
Overview of Biometric Terminals
Biometric terminals are advanced devices used for personal identification and access control.
According to the SecureList report, they rely on unique human physical traits such as fingerprints, facial features, voice, or iris patterns to verify identity.
These terminals are frequently deployed in sensitive areas such as server rooms, government offices, and hazardous facilities, including nuclear power plants and chemical plants. They also record employees' work hours, improving productivity and reducing fraud.
Advantages and Downsides
Biometric terminals provide several advantages:
- Highly Accurate Identification: Biometric data is unique to each individual, making it a reliable verification method.
- Security: Biometric data is difficult to forge or copy, enhancing system security.
- User-Friendly: Users do not need to remember passwords or carry access cards.
- Efficiency: These terminals can quickly process large amounts of data, reducing wait times.
On the other hand, they also have downsides:
- Cost: Biometric terminals are often more expensive than traditional access control systems.
- Risk of Error: Systems can misidentify individuals with damaged fingertips or other anomalies.
- Privacy Concerns: There are concerns about biometric data being stored and used without consent.
- Technological Limitations: Some methods, such as facial recognition, may be less effective in low light or when the subject is wearing a mask.
Security Analysis of ZKTeco Terminal
The ZKTeco hybrid biometric terminal supports multiple authentication methods, including facial recognition, passwords, electronic passes, and QR codes.
The device has several physical interfaces, such as RJ45, RS232, and RS485, and can also be connected to other scanners or authentication devices.
Vulnerabilities Discovered
The security assessment revealed several vulnerabilities:
- QR Code SQL Injection: The device was found to be vulnerable to SQL injection attacks via QR codes. Attackers could gain unauthorized access by presenting a QR code containing malicious SQL code.
- Buffer Overflow: The device had multiple buffer overflow vulnerabilities due to poor user input handling.
- Unencrypted Firmware: The firmware was found to be unencrypted, making it easier for attackers to extract and analyze.
- Weak Authentication: The device's authentication mechanism was weak, with the default password set to 0 and easily brute-forced.
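The QR code SQL injection item above comes down to decoded scanner text being used as part of a database query. The following is an added illustration, not code from the ZKTeco firmware or the SecureList report: a naive badge lookup that splices the decoded QR text into the SQL string, beside a hardened version that validates the token format and binds it as a parameter. The table layout, token format, and sample badge data are constructed assumptions.

```python
import re
import sqlite3

# Constructed sample badge table; names and values are assumptions for illustration.
SCHEMA = """
CREATE TABLE badges (token TEXT PRIMARY KEY, employee TEXT, active INTEGER);
INSERT INTO badges VALUES ('QR-000123', 'alice', 1);
INSERT INTO badges VALUES ('QR-000456', 'bob', 0);
"""

# Assumed token format: the literal prefix "QR-" followed by exactly six digits.
# Anything the scanner decodes that does not match is rejected before any query runs.
TOKEN_RE = re.compile(r"^QR-\d{6}$")


def open_db():
    """Create an in-memory database populated with the constructed badges."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def lookup_vulnerable(conn, qr_payload):
    """Mirrors the flaw class described in the article: the decoded QR text is
    concatenated into the SQL string, so scanner contents become query syntax.
    A quote character in the payload changes the query's meaning."""
    sql = f"SELECT employee FROM badges WHERE token = '{qr_payload}' AND active = 1"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_hardened(conn, qr_payload):
    """Two independent controls: an allow-list check on the token format, and a
    bound parameter so the database engine never interprets the value as SQL."""
    if not TOKEN_RE.fullmatch(qr_payload):
        return None  # malformed scan: deny and (in a real device) log it
    row = conn.execute(
        "SELECT employee FROM badges WHERE token = ? AND active = 1",
        (qr_payload,),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = open_db()
    # Constructed scan containing a textbook tautology; the vulnerable lookup
    # grants access, the hardened lookup rejects it before it reaches SQL.
    scan = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, scan))  # an active badge holder
    print("hardened:  ", lookup_hardened(db, scan))    # None
```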
Exploitation and Impact
The vulnerabilities enable attackers to:
- Bypass Authentication: Gain unauthorized physical access to secure areas.
- Leak Biometric Data: Extract sensitive biometric data from the device.
- Network Access: Gain network access to the device and use it as a pivot point for further attacks.
The discovery of these vulnerabilities in a widely used biometric terminal underscores the importance of rigorous security measures in designing and deploying biometric systems.
While biometric terminals offer major advantages in terms of security and efficiency, they also introduce new risks that must be carefully managed.
Organizations using such devices should ensure they are properly configured and regularly updated to mitigate potential security threats.
Source credit : cybersecuritynews.com