Offices buildings that use digital systems to let visitors in are at increased risk of hackers getting into their systems.
According to a report in Fast Company citing IBM, researchers have discovered that some of the devices have flaws that make the systems insecure. Hackers could get into the systems to access databases that record who is visiting the office or enable them to impersonate visitors who are scheduled in a scheme to gain access to the offices.
“We found that you could break out of the kiosk and interact with the underlying Windows operating systems, and from there do things like drop malware or open up the database,” Daniel Crowder, research director at the IBM X-Force Red security unit, said in the report. “Knowing, for instance, that the CEO of a related company has been visiting every day for the last few weeks would be valuable intelligence to collect. Depending on what data the visitor management system stores, there may be an opportunity for identity theft as well.”
While many of the systems are created with the idea that there will be a person at the front, how companies use them depends on the site, the researcher said. Crowder named systems that could be breached, which include Lobby Track Desktop, EasyLobby Solo, eVisitorPass, Envoy Passport, and The Receptionist for iPad, according to the report. All of the companies were notified by IBM so they can create a security patch for the systems.
The research at IBM was first conducted by Hannah Robbins and Scott Brink, two interns who tapped the X-Force Red team for guidance and support. The two probed the software that powered the devices. They didn't look into the visitor tracking tools. Crowder was prompted to look into that aspect after his investigative work found there is much research published about the systems, noted the report.