Home » Cyber Security News » Data leaks, default passwords exposed in visitor management systems

Data leaks, default passwords exposed in visitor management systems

Researchers have uncovered a swathe of vulnerabilities which impact visitor management systems in which automation has replaced human assistants.

Automation, artificial intelligence (AI), machine learning (ML), the Internet of Things (IoT), and mobility have begun to permeate every aspect of our daily lives. In the hospitality industry, these technologies have presented an opportunity to improve the security of visitors and guests, as well as reduce the human workforce required to maintain protective measures.

So-called visitor management systems which replace your average security guard or reception desk are becoming big business which is expected to become a market worth over $1.3 billion by 2025.

However, the moment you add Internet connectivity to a device, you are inviting potential attacks — and security vulnerabilities found in badges and digital control systems can be just as susceptible to exploit as any other.

See also: Cloudflare expands government warrant canaries in transparency bid

For cyberattackers, the ability to tamper with access controls may give them unauthorized access to buildings and areas for criminal schemes. While this may seem an outlandish prospect, social engineering — such as a man dressing as a maintenance worker to pass through buildings without challenge — is already a well-known tactic.

“If a visitor management system is working properly, it should be easier to identify which visitors are legitimate and if they should be allowed to move throughout the campus unescorted,” IBM says. “If the systems are not working as intended, they can provide a false sense of security to the companies deploying them.”

The company’s cybersecurity team, IBM X-Force Red, recently investigated the security posture of five popular visitor management systems offered by Jolly Technologies, HID Global, Threshold Security, Envoy, and The Receptionist.

TechRepublic: Why businesses fear cyberattacks from ex-employees more than nation states

The team found a total of 19 zero-day vulnerabilities across the vendors’ products; Jolly Technologies’ Lobby Track Desktop, HID Global’s EasyLobby Solo, Threshold Security’s eVisitorPass, Envoy’s Envoy Passport, and The Receptionist system.

IBM X-Force Red’s findings included information disclosure vulnerabilities, the use of default administrator credentials, privilege escalation bugs which could permit information breakouts of kiosk environments, and data leakage including visitor records, social security numbers, and driving license numbers.

CNET: At hearing on federal data-privacy law, debate flares over state rules

“Even if the visitor management system is not connected to any network and does not issue badges, it still holds data about visitors, which can be a boon to competitors and inside traders,” the researchers say. “Knowing, for instance, that the CEO of a related company has been visiting every day for the last few weeks could be valuable intelligence to collect. Depending on what data the visitor management system stores, there may be an opportunity for identity theft as well.”

The vendors impacted by the researchers’ findings were notified before public disclosure. Several of the vulnerabilities have been patched, other fixes will be issued in the near future, and some of the bugs will be mitigated through isolation techniques.

Buy Firewall, Buy Firewall Online, Buy Firewall Online India Buy Firewall, Buy Firewalls Online, Buy Firewall Online in India from IT Monteur's Firewall Firm, Buy Firewall Support, Buy Firewall License & License Renewals

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

Sales Number : +91 9582 90 7788 | Support Number : +91-9654016484
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket