Biometric Terminals Found to Have Vulnerabilities by Researchers

Dark Watch
Biometric Terminals Found to Have Vulnerabilities by Researchers

Published:

Written by: Staff Editor
spot_img

Widespread Vulnerabilities in ZKTeco Biometric Terminals Discovered by Kaspersky Researchers

Kaspersky researchers have uncovered a series of critical vulnerabilities in biometric terminals developed by ZKTeco, raising concerns about potential security breaches in high-security environments. These flaws could allow threat actors to bypass authentication, steal sensitive data, and even take full control of the affected terminals.

The biometric terminals, which are widely used and distributed under various brand names, are commonly found in sensitive locations such as nuclear power plants, chemical plants, and hospitals. With the ability to store thousands of facial templates, these devices play a crucial role in ensuring security and access control.

Researchers identified 24 different vulnerabilities in ZKTeco biometric terminals, including SQL injection, buffer stack overflow, command injection, and arbitrary file write and read vulnerabilities. These flaws could be exploited by cybercriminals to gain unauthorized access, steal biometric data, and deploy backdoors for future attacks.

Georgy Kiguradze, Senior Application Security Specialist at Kaspersky, emphasized the diverse impact of these vulnerabilities, highlighting the risks of deepfake attacks and social engineering tactics. He urged immediate patching of these vulnerabilities to prevent potential data breaches and unauthorized access to restricted areas.

While the researchers have shared their findings with ZKTeco, it is unclear whether the vulnerabilities have been addressed. In the meantime, they recommend isolating biometric reader usage, strengthening administrator passwords, auditing security settings, minimizing QR code functionality, and regularly updating firmware to mitigate risks.

As organizations rely on biometric terminals for access control and security, it is crucial to address these vulnerabilities promptly to safeguard sensitive data and prevent potential security breaches. The urgency of patching these flaws underscores the importance of proactive security measures in high-risk environments.

spot_img

Related articles

Recent articles

Verdant IMAP Wins Best Private Equity Advisory at 2025 Africa Service Providers Awards

Regional
Verdant IMAP Wins Top Honor at Africa Global Funds Awards 2025 Verdant IMAP has been recognized at the Africa Global Funds (AGF) Africa Service Providers...
Read more

CISA Warns of VMware Zero-Day Exploit Used by China-Linked Hackers in Ongoing Attacks

Global
Cybersecurity Alert: Critical Vulnerability in VMware Affects Many Systems Overview of the Vulnerability On October 31, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) flagged...
Read more

Defense Contractor Manager Admits Guilt in Selling Cyber Exploits to Russian Broker

Resources
Understanding Insider Threats in Cybersecurity: The Case of Peter Williams Insider threats in cybersecurity pose a significant risk to national security and corporate integrity. The...
Read more

Nvidia: A Tech Titan Surpassing India’s Economy in the AI Era

Fact Check
Nvidia’s Historic $5 Trillion Valuation: A New Era in Global Economics New Delhi | Business Desk In a monumental moment that reshapes the landscape of global...
Read more
Sign up to the Newsletter and never miss out on the latest news!
Join the Cyber Warriors community and get Insider Tips & Tricks to defend your digital assets.

© Cyberwarriorsmiddleeast.com