ZKAccess Control Tested

Published Dec 04, 2017 15:35 PM

China manufacturer ZKTeco / ZKAcces has been expanding in the West, offering a low-cost access control platform.

But how good is it? And how does it compare to the emerging access control offerings of Dahua and Hikvision?

We bought a ZKAccess C3-100 single door controller to find out.

We tested ZKAccess and its management application to see how it stacks up against competitors in the security space.

In this report, we cover these findings and more:

  • 5 key strengths and 5 key weaknesses
  • Comparison to Hikvision and Dahua Access
  • 2 videos showing physical build details of the controller and reader devices
  • A teardown view image showing the inside of the Controller
  • 4 video screencasts explaining how ZKAccess' management client works
  • Initial cybersecurity review

Inside, we detail our findings on how well the system operates, where it is weak, and how it compares to other access systems.

[Note: We have previously tested Dahua and Hikvision's access control offering as well, and are the platforms we compared ZKAccess to in this report.]

Key Tested Strengths

Our tests reveal ZKAccess' key strengths:

  • One Application for Everything: ZKAccess uses one main software for management, operation, and configuration of the platform unlike competitors which often break operations out into standalone applications. Everything is combined in a locally downloaded, browser based client application that will take most users just a few minutes to learn.
  • Good Mapping: While some 'budget' access platform cut out modules like floorplan mapping interfaces, ZKAccess includes a basic one that is simple to set up and will be useful to small systems.  However, larger or complex deployments may outgrow it. The section below explains this in detail.
  • Quality Support: Unlike Dahua and Hikvision, ZKAccess support understand access control and was able to quickly help.
  • Badge Picture Overlays: ZKAccess displays the photo ID thumbnail registered with a badge scan, so it is possible to visually confirm credential holders are indeed the ones using issued badges at a glance and not unauthorized individuals. 
  • Good Reporting: ZKAccess avoids the pitfall of poor reporting, and the data collected can be queried with custom filters, and exported in a number of commonly usable filetypes for import into other systems.

Tested Weaknesses

However, our test reveals and reinforces key drawbacks to ZKAccess platform:

  • Interface Bloated With Dialog Boxes: Many basic commands and screens are interrupted with frequent dialog boxes that popup for acknowledgement. When they popup, system status cannot be displayed in realtime or some functions may not work until fully completed, slowing down operation of minor tasks.
  • Limited Video: When integrating ZKAccess with video, options are limited to selected Hikvision NVRs or DVRs, significantly limiting integration choices. Any linked events or bookmarks must be manually configured. For most applications, a VMS or video management application is needed for deep search, playback, or exporting controls.  Video integration is weak for ZKAccess even beyond what is typical for budget access systems.
  • Cybersecurity Weaknesses: Telnet is left open and allows leaving the manufacturer default password.
  • Only Wiegand or RS485 Readers: We connected multiple types of readers, including ZKAccess' own 125 kHZ branded models, and HID 125 kHz or 13.56 MHz models. The only option for connecting most of these units was basic, unidirectional, unsupervised Wiegand using the most vulnerable 26-bit format. Many smaller systems now support OSDP as an option to increase security of the reader bus, but ZKAccess does not.
  • No PoE: The lack of PoE support also means that electrical infrastructure needs to be run to the door, a costly and often expensive consideration not needed with PoE controllers.

ZKAccess vs. Access vs. Dahua Access

At a high level, ZKAccess is better and more reliable than Dahua Access, but lacks the hardware design and ruggedness of Hikvision Access. All three offerings are in the lower price-point tier for access control, and all three are generally best suited to small, basic systems with a relatively small number of locally connected doors. 

ZKAccess offers US-based technical support, which we called several times during our test.  In comparison to both Hikvision and Dahua, the support and aptitude of ZKAccess was much better, and in all cases the first agent we spoke with was familiar with the application, terminology, and scope of our questions and answered them inside of 20 minutes of the call.

Difference Between ZKTeco and ZKAccess is Branding

As noted in our ZKTeco/ZKAccess Company Profile, ZKAccess is the North American division of Chinese-based ZKTeco:

ZKAccess is largely an administrative/ 'value added' distribution division, as the company still primarily sells, distributes, and supports ZKTeco hardware and products. Unit pricing then is based of high-volume, low cost Asian manufacturing, but has a dedicated office that regionalizes firmware/ certifications and supports it for US customers.

Indeed, while our test involved strictly ZKAccess equipment and parts, much of the branding and logos on the equipment displayed 'ZKTeco' instead, including the large decal prominent on the main enclosure:

ZKAccess Pricing Examined

Street price for a ZKAccess C3 two-door controller and enclosure runs ~$500, while a two-door Dahua offset has a street cost of ~$150, and Hikvision's version runs ~$600.

This puts ZKAccess slightly less than Hikvision, but over 3X more than Dahua. However, pricing for all three offerings is generally lower than mainstream western counterparts using HID or Mercury hardware, often running $1,200 or more for a two-door controller.

However, the low priced options often do not furnish integrations with other security systems or management software, or rely on outside integrations. For more pricing analysis against incumbent two-door system kits, see our Dahua and Hikvision Entering Access Control post.

Managed Via Browser Dependent Local Client

ZKAccess' free management software, named ZKAccess Panel Software, combines access control component configuration and management in one application. The client uses a web browser but requires an installed client to sync the interface with system hardware. Despite using browsers, the system cannot be accessed by typical IP address, and the client must be installed on machines used to manage the system.

The screenshot below shows the general interface layout, with all screens navigable via tabs on one screen:

Strengths include wide compatibility with many workstations and OS platforms, and a familiar navigation structure, but the cons are quirky real-time updates and random slowdowns not typical of pure thin client applications.

In terms of feature support, ZKAccess includes basic scheduling, mapping, integrated video/access event bookmarking, and manual door 'unlock' and 'lock' controls similar to other small access platforms. However, some features are missing, such as no ID Badge Printing, and no easy multisite or multi-location management.

System storage is split between local workstation databases and storage onboard the panel.  Permanent records like user lists and schedules are kept on workstations, but temporary log events are stored on the controller.

Access Controller Physical Overview

In terms of device construction, the video below illustrates the size and build quality of the controller. The controller and enclosure both feature a 'black on black' color scheme, which can complicate wiring in dimly lit locations. However, while small, board and contact size are typical of most access or intrusion boards. 

Uncommon to other access controllers, the mainboard features an SD card slot for true 'offline' function and local storage of log events. 

The video below offers a hands-on look:

Door configuration takes place in the same management application used to operate the production system, simplifying the places and apps installers/users need to be familiar with:

C3 Controller Teardown View

Inside the controller's housing, a standard field replaceable CR-2032 clock battery, bank of relays, and various status LEDs are present:

The number and location of board LEDs proved to offer a good range of feedback on system status when the app was not available. For example, rather than just a generic 'Power On' LED common to most hardware, ZKAccess featured LEDs at each point that power was connected or transformed, so troubleshooting can quickly narrow down to a specific hardware point. With the LEDs, Technicians can troubleshoot basic hardware issues without connecting a laptop to the system.

Door Controller Side-by-side Comparison

ZKAccess' enclosure is slightly smaller, and is overall less installer friendly compared to Hikvision access.  The Hikvision panel includes a full-sized contact terminal strip, while ZKAccess requires installers connect devices directly to the controller panel using Phoenix style connectors. ZKAccess' single-door, two-door, and four-door models share similar wiring layouts, but are dimensionally different, with the single-door unit being about 80% the size of the two door model.

The contrast between ZKAccess and Hikvision Access is shown in this image:

Power for ZKAccess is delivered via separate plug-mounted wall transformer, while Hikvision includes this inside the cabinet. Neither panel can use PoE and must have 120VAC available.

ZKAccess User Management Interface

Testing shows ZKAccesss interface to be comparable with other small access platforms, including features live pushed status events, manual access controls, and door controller and user management features included. In our test, all features functioned correctly, although the nested operation of dialog boxes often prevented 'real-time' events from showing until acknowledged. 

The video below shows off the basic structure and features of ZKAccess' management interface:

Bad: Real-Time Browser Client Hangs

A quirk of the browser interface is that nested dialog boxes need to be acknowledged before real-time updates are displayed. 

The interface freezes until 'OK' or acknowledgment is given, even if real activity is happening. An example is shown in the video below:

In all cases, real time event updates froze, but on one or two occasional events, the freezing correlated with functions not working at all, like the 'failed to send the request' error noted below:

The error events quickly rectified via retries or rescans, but the fact they happened at all is a problem.

Bad: Two-Step Manual Door Operations

Another potential problem with the interface is the multiple steps required to activate certain features, where on action is expected or typically needed by other systems.

For example, the manual unlock door control is a two-step process, and just clicking 'unlock' does not unlatch the door. A second screen, to establish unlock duration is needed to be selected too. The animation shows this:

While not a showstopping weakness, the extra step these 'one shot' actions typically need can complicate and slow down what should be simple functions.

Good: Visitor Management Included

In an uncommon move, ZKAccess includes a Visitor Management module in the basic free software. The video below gives a quick overview of the feature:

The key value of an integrated module is provisioning door access for repeated visitors and tracking them within system logs.

The tested module works well, as when certain visitors are frequent, like delivery people, they can only enter specific allowed doors and any access event they make is specially flagged.  Also, collecting headshot images for video verification can be done from the platform.

Good: Platform Mapping

Our test showed the integrate Map builder client easy to work with and useful for basic access layouts.  Manual controls are a right click to retrieve, and actions pop-up as they occur. The video below gives more detail:

While importing floorplans and dragging/dropping icons is easy, the placement options and icons to chose from are limited, and the size cannot be scaled.  For large facilities, big floorplan files will be needed or door icons may be crowded.

The mapped device options are limited to doors and cameras. Control or display of other devices like call stations or alarm panels are not available in the map module.

3rd Party Reader Compatibility Is Basic

In the video below, we look at ZKAccess branded 125 kHz reader. We also tested HID Multiclass models using Wiegand integration and found the controller equally supported reads from those units.

While Wiegand support is 'open' to many 3rd-party units, ZKAccess does not support OSDP, which is a serial, encrypted method of handling reader communication. 

Good: Platform Has Strong Reporting

One aspect that tested well: Platform reporting of system events via custom queries, printing them, and exporting them from within the application is reliable and flexible, and no outside tools or utilities are needed. We detailed this in the video below:

Output file formats include.TXT or .CSV files, and .PDF reports are formatted for batch printing our import into external software. 

Telnet Port Open, Potential Cybersecurity Trouble

One potential area of trouble was ZKAccess leaving Port 23 open - commonly used for Telnet, and a common source of security exploits:

In general, it would be better if this port was completely closed, as Telnet is not needed in normal operation nor typically even needed for troubleshooting.

While the controller has no webserver and requires a client for normal operation, the controller locally stores log information encompassing more detail that just controls for a single door controller. Packet sniffing command traffic showed data to not be 'open text' and is obscured against command line spoofing:

Indeed, the controller uses default usernames and passwords (admin, admin) during install, and unless specific attention to paid to changing them, the platform enforces no changes or warning against them.

Our review of the unit's security was introductory and did not include formal penetration testing or sophisticated examination of device security, and given the vulnerabilities of ZKAccess devices, no guarantees of hardened or secure design should be expected.

Premium 'Pro' and ZKBioSecurity Not Tested

In followups with ZKAccess, the point that several observed limitations of the platform we tested are addressed by premium offerings, including 'Pro kit' hardware that offers PoE (via included splitter), or the per-door licensed-based ZKBioSecurity management platform that supports ONVIF video.

Additionally, ZKAccess tells us the free version we tested above has been under 'frozen' development for a year.

We have not tested those premium offerings, but for users investigating applications where expanded functionality is needed, ZKAccess may offer variations that satisfy them at additional cost.

 

Comments are shown for subscribers only. Login or Join