New Delhi, June 11: Researchers have identified 24 vulnerabilities in the hybrid biometric terminal produced by Chinese manufacturer ZKTeco. According to the cybersecurity company Kaspersky, by adding random user data to the database or using a fake QR code, a threat actor can easily bypass the verification process and gain unauthorised access.

Attackers can also steal and leak biometric data, remotely manipulate devices, and deploy backdoors. High-security facilities worldwide are at risk if they use this vulnerable device, researchers warned. Microsoft Edge Vulnerability: MEITy’s CERT-In Warns Users of Multiple Vulnerabilities in Edge Browser; Check Details

"In addition to replacing the QR code, there is another intriguing physical attack vector. If someone with malicious intent gains access to the device’s database, they can exploit other vulnerabilities to download a legitimate user’s photo, print it, and use it to deceive the device’s camera to gain access to a secured area," said Georgy Kiguradze, Senior Application Security Specialist at Kaspersky. Cybersecurity Attack: 81% Organisations Globally Paid Ransom To End Cyberattack and Recover Data for Third Year in Row, Says US-Based IT Firm Veeam.

As per the researchers, the biometric readers in question are widely used in areas across diverse sectors such as nuclear or chemical plants to offices and hospitals. These devices support face recognition and QR-code authentication, along with the capacity to store thousands of facial templates. All findings were proactively shared with the manufacturer before public disclosure, the researchers mentioned.  "All the factors underscore the urgency of patching these vulnerabilities and thoroughly auditing the device's security settings for those using the devices in corporate areas,” said Kiguradze.

(The above story first appeared on LatestLY on Jun 11, 2024 04:54 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).