
Official Statement Regarding Recent Security Notification.

Jun 24, 2024 | News, Product Updates

Official Statement from ZKTeco Regarding Recent Security Notification.

At ZKTeco, we uphold security and privacy as foundational elements of our service and product offerings. Upholding these principles has always been our priority, guided by global standards like GDPR, reinforced by our certifications in ISO/IEC 27701, 27001, and 27017. Today, we want to address concerns that have arisen regarding vulnerabilities in specific models of our terminals.

Addressing the Issue:

We are aware of these vulnerabilities and have mobilised our R&D team to develop a comprehensive response. We understand the potential impact on your operations and are addressing these issues with the seriousness and urgency they warrant.

Ongoing Solutions:

Our R&D team is actively working to resolve all identified vulnerabilities. Our focus is not merely on patching these issues but on fundamentally improving our systems to prevent similar vulnerabilities from recurring in the future.

Firmware Updates:

To ensure the integrity of your operations, we are offering firmware updates free of charge to all our partners and clients. These updates will begin rolling out on June 23rd for directly affected models, with updates for other models to follow within 30 working days.

Enhanced Security Measures:

We recognise the importance of continuous improvement in security. To this end, we will engage a third-party cybersecurity lab to conduct regular audits of our systems. Furthermore, we are taking steps to ensure compliance with the NIS2 directive and other relevant rules and regulations on cybersecurity, reinforcing our commitment to robust security practices. 

Security Perspective:

It is important to note that security vulnerabilities are a widespread issue across the software and hardware industry. However, this does not lessen our resolve but rather strengthens our commitment to enhancing security measures. While these vulnerabilities do not pose a severe threat to the overall security of our systems, we are handling this matter with all due diligence and transparency. 

Enhanced Biometric Security:

Our biometric systems utilise advanced security features that prevent reverse engineering. By extracting only the essential parts of biometric features to create non-reversible templates, we significantly enhance the security and privacy of user data. Therefore, the mere acquisition of such templates would not directly result in the leakage of users’ biometric data.

Temporary Measures and Customer Support:

We recommend disabling the Steady QR code mode on all terminals and switching to the dynamic QR code mode, which remains secure and unaffected. For those with immediate security concerns, we are prioritising the dispatch of firmware updates to ensure your systems are updated as swiftly as possible.

Our Commitment:

We deeply regret any concern this may have caused. Our team values the trust you place in our products and services, and we are committed to restoring and maintaining that trust. We appreciate your understanding and support as we navigate this challenge and enhance our security measures.

For further information, support, or updates, please contact ZKTeco UK Customer Support at uk.support@zkteco.co.uk.

APPENDIX

Appendix: Official List of Affected Models and Firmware Versions

This appendix is intended to provide stakeholders with a comprehensive outline of the models and firmware versions that have been identified as vulnerable to the recently discovered security issues. Please refer to the information below to verify if your ZKTeco products are included in the upcoming firmware updates.

List of Affected Terminal Models and Corresponding Firmware Versions

  • ZAM180 Platform, SpeedFace-V5L Model; Firmware Version Affected: ZAM180-NF-Ver1.1.10 and higher
  • ZAM180 Platform, SpeedFace-V4L/SpeedFace-V4LM1 Model; Firmware Version Affected: ZAM180-NF40VA-Ver3.0.36 and higher
  • ZAM180 Platform, SpeedFace M1/M2/M4 Model; Firmware Version Affected: ZAM180-NF-Ver1.1.10 and higher
  • ZAM180 Platform, SmartAC1 Model; Firmware Version Affected: ZAM180-NF-Ver1.1.10 and higher
  • ZAM180 Platform, ProMA-QR Model; Firmware Version Affected: ZAM180-NF20VA-Ver3.1.3 and higher
  • ZAM180 Platform, ProFace X Model; Firmware Version Affected: ZAM180-NF-Ver1.1.10 and higher
  • ZAM180 Platform, MiniAC Model; Firmware Version Affected: ZAM180-NF40VA-Ver3.0.36 and higher
  • ZAM180 Platform, MiniAC Plus Model; Firmware Version Affected: ZAM180-NF-Ver1.1.10 and higher
  • ZAM180 Platform, FacePro-VL Model; Firmware Version Affected: ZAM180-NF-Ver1.1.10 and higher
  • ZAM180 Platform, Face ID5 Model; Firmware Version Affected: ZAM180-NF-Ver1.1.10 and higher
  • ZAM170 Platform, SpeedFace-V5L Model; Firmware Version Affected: ZAM170-NF-Ver1.5.40 and higher
  • ZAM170 Platform, SpeedFace-V5L(TI)/SpeedFace-V5L(TD) Model; Firmware Version Affected: TIZAM170-NF-Ver1.5.7 and higher
  • ZAM170 Platform, ProFace X Model; Firmware Version Affected: ZAM170-NF-Ver1.5.40 and higher
  • ZAM170 Platform, ProFace X(TI)/ProFace X(TD) Model; Firmware Version Affected: TIZAM170-NF-Ver1.5.8 and higher

Recommendations for Temporary Measures

For all listed models:

  • Disable the Steady QR Code mode until the firmware update is applied.
  • Switch to the dynamic QR code mode, which has been confirmed secure and is not affected by the vulnerabilities.

Update Schedule

  • Immediate Release: Firmware updates for Model ZK-X100 and ZK-X200 will be available starting June 23rd.
  • Subsequent Releases: Updates for Model ZK-X300 and ZK-X500 will follow within the next 30 working days.

Contact for Support

Should you require immediate assistance or have any concerns regarding your specific model, please contact us at uk.support@zkteco.co.uk. Our team is ready to assist you.
