Researchers with Kaspersky Lab disclosed a number of vulnerabilities in a popular brand of biometric scanners. The security firm disclosed a total of six CVE entries covering code injection flaws in hardware from ZkTeco. While the research focused on ZkTeco specifically, the Kaspersky crew said that the findings suggest a larger possibility of serious security flaws in biometric and authentication hardware. “Biometric scanners offer a unique way to resolve the conflict between security and usability,” the researchers wrote. The hackers’ proof-of-concept loaded a QR code with additional commands that would grant the attacker privileges otherwise locked off from ordinary users.
Source: Punch June 13, 2024 03:13 UTC