Hotel Self Check-In Kiosks Exposed Room Access Codes

Hotel Self Check-In Kiosks Exposed Room Access Codes

April 2, 2024 at 10:03AM

Pentagrid reported a vulnerability in self check-in kiosks at Ibis Budget hotels, potentially exposing keypad codes used to enter rooms. The vulnerability was found in Germany, but likely impacted other European hotels. Accor, the brand owner, promptly addressed the issue. The flaw could have allowed unauthorized room access, posing a security risk.

Key takeaways from the meeting notes:

– Self check-in kiosks at Ibis Budget hotels in Germany and other European countries were affected by a vulnerability that exposed keypad codes for room entry.
– The vulnerability was discovered by Pentagrid hackers in late 2023 and was likely present in other Ibis Budget hotels.
– Accor, the owner of the Ibis Budget brand, was promptly notified and rolled out patches to affected devices.
– The vulnerability allowed access to room numbers and door keypad codes, which remained unchanged during a customer’s stay.
– It’s unclear which company makes the impacted kiosks, and physical access to the targeted terminal during self-service hours was required to exploit the vulnerability.
– The potential impact could have led to theft of valuables, especially in low-budget hotel rooms without room safes.
– Accor has been reached out to for comment by SecurityWeek.

If you need further details or have any other requests, please let me know.

Full Article