April 5, 2024 at 08:40AM
A self-service check-in terminal at a German hotel leaked room keycodes due to a security flaw. Anyone could access an array of keycodes within minutes, compromising guest safety and security. Accor Security fixed the issue in a month, and dormakaba’s door locks also faced vulnerabilities. Omni Hotels experienced IT issues, affecting bookings and door locks.
Key Points from Meeting Notes:
1. Self-service check-in terminal at a German Ibis budget hotel leaked hotel room keycodes.
2. Security flaw allowed easy access to room keycodes through terminal usage with no technical knowledge or tools required.
3. Terminal also revealed extensive booking details with invalid input, suggesting a significant security vulnerability.
4. Potential consequences range from theft to safety risks for guests, and may have been exploited without detection.
5. Accor Security acknowledged and fixed the issue in under a month after discovery, with a fix deployed by January 26, 2023.
6. Separate vulnerabilities in other hotel security systems were also reported, indicating a wider industry concern.
7. Fix for another hotel security issue is in progress but deployment is not yet complete.
These takeaways highlight severe security vulnerabilities in hotel self-service check-in terminals and keycard lock systems, along with ongoing efforts to address these issues.