IBM found vulnerabilities on visitor management systems allow hackers to sneak into sensitive areas

IBM security researchers have found that there are 19 vulnerabilities in the top five most popular visitor management systems. Hackers can exploit vulnerabilities to steal relevant data and even sneak into sensitive, forbidden areas of office buildings. The lobby and reception areas of the office building are often equipped with a visitor management system to check employees or visitors and let them enter the workplace. If it is a visitor, it will check the name and the person who meets through the touch screen and tablet, and then print or distribute the card after passing.

However, IBM security researchers have found that these systems have some insecure vulnerabilities. IBM checked five popular systems, Lobby Track Desktop, eVisitorPass, EasyLobby Solo, Envoy Passport and The Receptionist, which have 7, 5, 4, 2 and 1 vulnerabilities respectively.

Intruders can use the vulnerability to download visitor logs and get information such as name, driver’s license, social security data, and mobile phone number. With some vulnerabilities, you can even access to the underlying operating system, and you can piot to other applications and networks if connected. Even, intruders can even get a default management certificate and have full control over the application, such as editing the guest database.