Researchers have uncovered an unprecedented hack that doesn't even require you to be a hacker.
In one of the German hotels of the Ibis vulnerability was discovered in self-service terminals that allows access to room codes. The researchers suggest that the problem may also apply to many other hotels across Europe.
Hotel terminals designed for self-registration of guests allow you not only to check in to the room, but also to get information about existing reservations. The identified security flaw allows anyone, without special knowledge or tools, to collect room access codes by entering a sequence of six dashes as the booking number.
Martin Schobert of the Swiss cybersecurity firm Pentagrid, who discovered the vulnerability, was able to obtain data on 87 bookings at Hamburg's Ibis Budget hotel. The problem was that the system gave out booking details, including valid room access codes and their cost, which could have contributed to theft and other abuse.
Accor Security, responsible for security at the Ibis Budget hotel chain, confirmed the existence of the vulnerability and quickly developed and implemented a software update for all affected terminals. The vulnerability was fixed less than a month after it was discovered.
This case is just one of a number of hotel security problems discovered recently. Previously, researchers identified vulnerabilities in Saflock lock systems affecting about 3 million hotel doors worldwide, as well as other IT problems affecting booking, payment and access systems in hotels of various chains.
In one of the German hotels of the Ibis vulnerability was discovered in self-service terminals that allows access to room codes. The researchers suggest that the problem may also apply to many other hotels across Europe.
Hotel terminals designed for self-registration of guests allow you not only to check in to the room, but also to get information about existing reservations. The identified security flaw allows anyone, without special knowledge or tools, to collect room access codes by entering a sequence of six dashes as the booking number.
Martin Schobert of the Swiss cybersecurity firm Pentagrid, who discovered the vulnerability, was able to obtain data on 87 bookings at Hamburg's Ibis Budget hotel. The problem was that the system gave out booking details, including valid room access codes and their cost, which could have contributed to theft and other abuse.
Accor Security, responsible for security at the Ibis Budget hotel chain, confirmed the existence of the vulnerability and quickly developed and implemented a software update for all affected terminals. The vulnerability was fixed less than a month after it was discovered.
This case is just one of a number of hotel security problems discovered recently. Previously, researchers identified vulnerabilities in Saflock lock systems affecting about 3 million hotel doors worldwide, as well as other IT problems affecting booking, payment and access systems in hotels of various chains.
