Kaspersky has recently analyzed hybrid biometric access systems manufactured by Chinese company ZKTeco, uncovering 24 severe security vulnerabilities. These vulnerabilities could allow attackers to bypass authentication, steal biometric data, and even deploy malicious backdoors.
Kaspersky stated, “By adding random user data to the database or using forged QR codes, malicious attackers can easily bypass the verification process and gain unauthorized access.” They added, “Attackers can also steal and leak biometric data, remotely manipulate devices, and deploy backdoors.”
The Russian cybersecurity company discovered these flaws after reverse engineering the firmware (version ZAM170-NF-1.8.25-7354-Ver1.0.0) and its proprietary protocol used for device communication. It remains unclear whether these issues have been patched.
Vulnerability Details
The 24 vulnerabilities include:
- 6 SQL injections
- 7 stack-based buffer overflows
- 5 command injections
- 4 arbitrary file writes
- 2 arbitrary file reads
Below is a brief description of the CVE identifiers assigned to these flaws:
- CVE-2023-3938 (CVSS score: 4.6) – An SQL injection vulnerability allowing attackers to authenticate as any user in the database.
- CVE-2023-3939 (CVSS score: 10.0) – A set of command injection vulnerabilities enabling the execution of arbitrary OS commands with root privileges.
- CVE-2023-3940 (CVSS score: 7.5) – An arbitrary file read vulnerability allowing attackers to bypass security checks and access any file on the system.
- CVE-2023-3941 (CVSS score: 10.0) – An arbitrary file write vulnerability allowing attackers to write any file on the system with root privileges.
- CVE-2023-3942 (CVSS score: 7.5) – An SQL injection vulnerability enabling attackers to inject malicious SQL code and perform unauthorized database operations.
- CVE-2023-3943 (CVSS score: 10.0) – A stack-based buffer overflow vulnerability allowing attackers to execute arbitrary code.
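Two of the bug classes in the list above, SQL injection in a user lookup and an unchecked file read, are shown below as an added Python illustration. This is not ZKTeco's firmware code and not Kaspersky's proof of concept: a constructed sqlite3 user table and a temporary directory stand in for the device database and filesystem, and the function names, sample users and probe inputs are all assumptions made for the example. Each vulnerable pattern is placed beside its hardened form so the difference a code reviewer looks for is visible.

```python
"""Constructed toy model of two bug classes from the ZKTeco write-up.
Not the device's code; built on sqlite3 and a temp directory so it runs offline.
"""
import os
import sqlite3
import tempfile


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table standing in for the reader's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (uid TEXT PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("1001", "alice", "admin"), ("1002", "bob", "staff")],  # sample users
    )
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, uid: str):
    """Vulnerable pattern: the identifier taken from the request is pasted into
    the SQL text, so the caller controls the shape of the query, not just a value."""
    sql = f"SELECT name, role FROM users WHERE uid = '{uid}'"
    return conn.execute(sql).fetchone()


def lookup_user_hardened(conn: sqlite3.Connection, uid: str):
    """Hardened pattern: a bound parameter; the input is always treated as data."""
    return conn.execute("SELECT name, role FROM users WHERE uid = ?", (uid,)).fetchone()


def read_file_vulnerable(base_dir: str, rel_path: str) -> bytes:
    """Vulnerable pattern: the relative path is joined and opened with no check
    that the result still lies under base_dir."""
    with open(os.path.join(base_dir, rel_path), "rb") as fh:
        return fh.read()


def read_file_hardened(base_dir: str, rel_path: str) -> bytes:
    """Hardened pattern: resolve symlinks and '..' first, then refuse any target
    whose real path is not inside the real base directory."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, rel_path))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"path escapes {base_dir!r}: {rel_path!r}")
    with open(target, "rb") as fh:
        return fh.read()


def demo() -> dict:
    """Run both pairs against constructed inputs and return the observed results."""
    conn = make_db()
    probe = "x' OR '1'='1"  # constructed tautology input; no user has this uid
    results = {
        "vulnerable_lookup": lookup_user_vulnerable(conn, probe),  # returns a row
        "hardened_lookup": lookup_user_hardened(conn, probe),      # returns None
    }
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "reader_data")
        os.mkdir(base)
        with open(os.path.join(base, "config.txt"), "w") as fh:
            fh.write("inside")           # file the reader is allowed to serve
        with open(os.path.join(tmp, "secret.txt"), "w") as fh:
            fh.write("outside")          # file one level above the allowed root
        results["vulnerable_read"] = read_file_vulnerable(base, "../secret.txt")
        results["hardened_read_ok"] = read_file_hardened(base, "config.txt")
        try:
            read_file_hardened(base, "../secret.txt")
            results["hardened_read_blocked"] = False
        except PermissionError:
            results["hardened_read_blocked"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The lookup pair is the pattern behind "authenticate as any user": with string formatting, a crafted identifier turns the WHERE clause into a tautology and the first row comes back, whereas the bound parameter returns nothing because no such uid exists. The file-read pair shows why a prefix check on the raw string is not enough; realpath followed by commonpath is the check that survives `..` segments and symlinks.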
Security researcher Georgy Kiguradze remarked, “The discovered vulnerabilities have a wide-ranging impact and are quite concerning. Attackers could sell stolen biometric data on the dark web, exposing affected individuals to deepfakes and sophisticated social engineering attacks.”
Moreover, successful exploitation of these flaws could allow malicious actors to gain access to restricted areas and even implant backdoors, facilitating cyber espionage or destructive attacks.
Recommendations to Mitigate Risk
To reduce the risk of attacks, it is recommended to take the following measures:
- Move biometric readers to a separate network segment
- Use strong administrator passwords
- Improve device security settings
- Minimize the use of QR codes
- Keep systems up to date
By implementing these recommendations, organizations can better protect their biometric systems from potential exploits.