Popular Biometric Terminal Vulnerable To QR Code SQL Injection

A popular hybrid biometric terminal manufactured by ZKTeco has been found to have several critical vulnerabilities, including a significant flaw that allows for SQL injection via QR codes.

This discovery raises serious concerns about the security of biometric access control systems, which are widely used in various high-security environments.

EHA

Overview of Biometric Terminals

Biometric terminals are advanced devices used for personal identification and access control.

According to the SecureList report, they rely on unique human physical characteristics such as fingerprints, facial features, voice, or iris patterns to verify identity.

External appearance of the device
External appearance of the device

These terminals are often employed in sensitive areas like server rooms, executive offices, and hazardous facilities, including nuclear power plants and chemical plants. They record employees’ work hours, enhancing productivity and reducing fraud.

Analyze any MaliciousURL, Files & Emails & Configuration With ANY RUN Start your Analysis

Benefits and Downsides

Biometric terminals offer several advantages:

  • Highly Accurate Identification: Biometric data is unique to each individual, making it a reliable verification method.
  • Security: Biometric data is difficult to forge or copy, enhancing system security.
  • User-Friendly: Users do not need to remember passwords or carry access cards.
  • Efficiency: These terminals can quickly process large amounts of data, reducing wait times.

However, they also have downsides:

  • Cost: Biometric terminals are generally more expensive than traditional access control systems.
  • Risk of Error: Systems can misidentify individuals with damaged fingertips or other anomalies.
  • Privacy Concerns: There are concerns about biometric data being stored and used without consent.
  • Technological Limitations: Some methods, like facial recognition, can be less effective in low light or when the subject is wearing a mask.

Security Analysis of ZKTeco Terminal

The ZKTeco hybrid biometric terminal supports multiple authentication methods, including facial recognition, passwords, electronic passes, and QR codes.

Searching for the protocol on port 4370/TCP
Searching for the protocol on port 4370/TCP

The device has several physical interfaces, such as RJ45, RS232, and RS485, and can be connected to other scanners or authentication methods.

Vulnerabilities Discovered

The security analysis revealed several vulnerabilities:

  • QR Code SQL Injection: The device was found to be susceptible to SQL injection attacks via QR codes. Attackers could gain unauthorized access by presenting a QR code containing malicious SQL code.
Gaining access with the help of an SQL injection
Gaining access with the help of an SQL injection
  • Buffer Overflow: The device had multiple buffer overflow vulnerabilities due to improper user input handling.
CMD_CHECKUDISKUPDATEPACKPAGE handler
CMD_CHECKUDISKUPDATEPACKPAGE handler
  • Unencrypted Firmware: The firmware was found to be unencrypted, making it easier for attackers to extract and analyze.
Firmware details as seen in the setup menu
Firmware details as seen in the setup menu
  • Weak Authentication: The device’s authentication mechanism was weak, with the default password set to 0 and easily brute-forced.

Exploitation and Impact

The vulnerabilities allow attackers to:

  • Bypass Authentication: Gain unauthorized physical access to secure areas.
  • Leak Biometric Data: Extract sensitive biometric data from the device.
  • Network Access: Gain network access to the device and use it as a pivot point for further attacks.

The discovery of these vulnerabilities in a widely used biometric terminal underscores the importance of rigorous security measures in designing and deploying biometric systems.

While biometric terminals offer significant benefits in terms of security and efficiency, they also introduce new risks that must be carefully managed.

Organizations using such devices should ensure they are correctly configured and regularly updated to mitigate potential security threats.

Looking for Full Data Breach Protection? Try Cynet's All-in-One Cybersecurity Platform for MSPs: Try Free Demo

Divya is a Senior Journalist at Cyber Security news covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.