Security News > 2024 > June > Check-in terminals used by thousands of hotels leak guest info

Check-in terminals used by thousands of hotels leak guest info
2024-06-05 20:43

Ariane Systems self check-in systems installed at thousands of hotels worldwide are vulnerable to a kiosk mode bypass flaw that could allow access to guests' personal information and the keys for other rooms.

These terminals allow people to book and check into the hotel themselves, handle the payment process via a POS subsystem, print invoices, and provision RFID transponders used as room keys.

The vulnerable terminals are typically used in small to medium-sized establishments where emplying check-in staff 24/7 would be to costly for the business.

According to Ariane Systems, its self-checkout solutions are currently used by 3,000 hotels in 25 countries, which collectively have over 500,000 rooms.

Hotel operators using Ariane Systems terminals are recommended to isolate the self check-in machines from the hotel network and other critical systems and contact the vendor to determine if they are running a secure version.

In April, Schobert discovered a similar issue at a self check-in terminal used by a German Ibis hotel.


News URL

https://www.bleepingcomputer.com/news/security/check-in-terminals-used-by-thousands-of-hotels-leak-guest-info/