IBM Finds Security Flaws in Visitor Check-In Systems -- Security Today

IBM Finds Security Flaws in Visitor Check-In Systems

“We found that you could break out of the kiosk and interact with the underlying Windows operating systems, and from there do things like drop malware or open up the database,” said Daniel Crowder, research director at the IBM X-Force Red security unit.

By Jessica Davis
Mar 05, 2019

Researchers from IBM have found security flaws in some digital systems used in office buildings to let visitors check in and get access badges. According to the researchers, some of the devices used with these systems have flaws that could leave facilities insecure.

By accessing the database, a hacker could learn who else was visiting the office—which could be sensitive information—or allow them to impersonate expected visitors to enter offices without permission.

“Knowing, for instance, that the CEO of a related company has been visiting every day for the last few weeks would be valuable intelligence to collect,” Crowder said. “Depending on what data the visitor management system stores, there may be an opportunity for identity theft as well.”

According to Crowder, these visitor management systems are mostly designed to be used without an attendant, but their deployment can vary from site to site.

Research on these visitor check-in systems was conducted by two college interns with guidance from the X-Force Red team. The researchers investigated the devices’ software, but did not probe any cloud-based visitor tracking tools.

Affected systems include Lobby Track Desktop, EasyLobby Solo, EVisitorPass, Envoy Passport and The Receptionist for iPad.

According to Crowder, IBM notified the system vendors of the vulnerabilities so that they could be patched as needed before IBM disclosed the issues.

About the Author

Jessica Davis is the Associate Content Editor for 1105 Media.

Featured

TSA Awards Rohde & Schwarz Contract for Advanced Airport Screening Ahead of Soccer World Cup 2026

Rohde & Schwarz, a provider of AI-based millimeter wave screening technology, announced today it has won a multi-million dollar award from TSA to supply its QPS201 AIT security scanners to passenger security screening checkpoints at selected Soccer World Cup 2026 host city airports. Read Now
- Airport Security
Brivo, Eagle Eye Networks Merge

Dean Drako, Chairman of Brivo, the leading global provider of cloud-native access control and smart space technologies, and Founder of Eagle Eye Networks, the global leader in cloud AI video surveillance, today announced the two companies will merge, creating the world’s largest AI cloud-native physical security company. The merged company will operate under the Brivo name and deliver a truly unified cloud-native security platform. Read Now
- Artificial Intelligence
Security Industry Association Announces the 2026 Security Megatrends

The Security Industry Association (SIA) has identified and forecasted the 2026 Security Megatrends, which form the basis of SIA’s signature annual Security Megatrends report defining the top 10 factors influencing both near- and long-term change in the global security industry. Read Now
- Artificial Intelligence
The Future of Access Control: Cloud-Based Solutions for Safer Workplaces

Access controls have revolutionized the way we protect our people, assets and operations. Gone are the days of cumbersome keychains and the security liabilities they introduced, but it’s a mistake to think that their evolution has reached its peak. Read Now
- Access Control
A Look at AI

Large language models (LLMs) have taken the world by storm. Within months of OpenAI launching its AI chatbot, ChatGPT, it amassed more than 100 million users, making it the fastest-growing consumer application in history. Read Now
- Artificial Intelligence

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

Camden CM-221 Series Switches

Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.
AC Nio

Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.
Mobile Safe Shield

SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.