Digital systems that let visitors check in and get access badges have become increasingly common in office buildings, but researchers from IBM say some of the devices have hidden flaws that could render facilities insecure.
The IBM X-Force Red security unit found they were able to break out of the (security) kiosk and interact with the underlying Windows operating systems. “… and from there do things like drop malware or open up the database,” according to the facility’s research director.
Accessing the database could release sensitive information, such as the identities of others who have visited the office, or allow them to impersonate expected visitors to get in to offices without permission.
The systems are apparently designed to be used without an attendant, but exactly how they’re deployed likely varies from site to site, according to the IBM security unit. Read more here.