Security researchers from IBM detailed 19 vulnerabilities that can be used to steal data on visitors or access off-limit areas in security buildings. These vulnerabilities were found in five of the most popular visitor management systems used around the world which include Lobby Track Desktop, Threshold Security, EasyLobby Solo, Envoy Passport and The Receptionist.
All of the vulnerabilities spotted by IBM requires physical access to the check-in devices, which could allow hackers to download visitor logs including personal information. Some of the exploits could also be used to override permissions and receive access to secure areas of a building or even connect to other apps in the system and steal their data.
With some organizations known to use default admin credentials, IBM notes that it could lead to attackers being able to edit visitor databases or open doors. The security researchers have already notified the companies behind the apps and received prompt responses. Even though the apps have been patched, some of the companies behind them have refused to accept the risks involved. A spokesperson for Envoy claimed that users were not at risk because of the exploit.
According to the researchers, even if the visitor management systems are not connected to other networks, they still host sensitive user information which could be stolen. Visitor management systems are commonly being used to replace receptionists all over the world, but the use of technology also comes with its risks. In late 2018, over 500 million individuals were affected due to a flaw in Marriot’s Guest Reservation Database. It went on to become the second largest data breach in history second to only the Yahoo data breach in 2013.
What do you think about the vulnerabilities discovered by IBM? Let us know in the comments below. Don’t forget to join our discussions on Facebook and Twitter.