Technology

Hospitality Establishments With Visitor Management Systems Are Vulnerable To Cyber Frauds

Hotels and other industries using Visitor Management Systems are at risk of possible cyber attacks

Before the internet, hotels and hospitality establishments relied on human assistants, security guards, and receptionists. Now, these human employees are gradually being replaced with computers and visitor management systems.

However, researchers from IBM have discovered a plethora of vulnerabilities in the visitor management systems that have replaced humans, raising concerns about possible data breaches and infiltration by cybercriminals.

In the age of the internet, automation, artificial intelligence (AI), machine learning (ML), and the internet of things (IoT) have become part of every aspect of our daily lives. The advent of visitor management systems, which automate and virtually process visitor management tasks like reception or guest bookings, has permitted the hospitality industry to improve the security of its establishments for the benefit of guests and visitors while saving money on the human workforce that these tasks used to require.

Unlike simple pen and paper, they can authenticate visitors and provision badges for them in an automated way without allowing anyone to see who else has visited. If a visitor management system is working correctly, it should be easier to identify which visitors are legitimate and if they should be allowed to move throughout the campus unescorted. If the systems are not working as intended, they can provide a false sense of security to the companies deploying them.

This is why there is no doubt that the hospitality management system industry is poised to grow as its markets expand. The industry is even expected to become a $1.3 billion industry by the end of 2025.

However, the introduction of the internet to any system invites possible attacks and exposes security vulnerabilities in badges and digital control systems. The internet gives cybercriminals opportunities to exploit these systems and bypass their security mechanisms to carry out illegal activities, most of the time at the expense of guests and their visitors.

Infiltrating hospitality establishments like hotels and resorts is not a common thing at all. In fact, social engineering, where criminals dress up as maintenance crews or disguise themselves as other people, has long been a strategy for offline criminals. For cyberattackers, the ability to tamper with access controls may give them unauthorized access to buildings and areas for criminal schemes.

“If a visitor management system is working properly, it should be easier to identify which visitors are legitimate and if they should be allowed to move throughout the campus unescorted,” IBM says. “If the systems are not working as intended, they can provide a false sense of security to the companies deploying them.”

The company’s cybersecurity team, IBM X-Force Red, revealed in a study that visitor management systems widely used in hospitality establishments across the globe are indeed riddled with vulnerabilities that cybercriminals can easily exploit. The team tested the security protocols of five popular visitor management systems offered by Jolly Technologies, HID Global, Threshold Security, Envoy, and The Receptionist.

DATA BREACH AND IMPERSONATION

IBM X-Force Red’s findings included information disclosure vulnerabilities, the use of default administrator credentials, privilege escalation bugs that could permit breakouts of kiosk environments, and data leakage including visitor records, social security numbers, and driving license numbers.

“Even if the visitor management system is not connected to any network and does not issue badges, it still holds data about visitors, which can be a boon to competitors and inside traders,” the researchers say. “Knowing, for instance, that the CEO of a related company has been visiting every day for the last few weeks could be valuable intelligence to collect. Depending on what data the visitor management system stores, there may be an opportunity for identity theft as well.”

The researchers notified the vendors of the tested visitor management systems before they disclosed the results to the public. Most of the identified vulnerabilities have been fixed, while some are still being analyzed, with bug fixes to be rolled out in the near future. Some other issues are being mitigated using different isolation techniques and improved security protocols on the side of the hospitality establishments that use these visitor management systems.

Podcast

Spotify Goes Big On Podcasts

Spotify redesigned UI to direct users to their favorite podcast shows.
Spotify spends $500 million this year in an effort to lead the podcast market. Photo: Michael Fötsch | Flickr | CC BY-SA 2.0

The popular music streaming app, Spotify, is all-in with podcasts as it launches a redesigned user interface (UI) that refocuses Spotify into two different audio categories: Music and Podcasts. While it is not new that podcasts and audio shows are already thriving in the app, Spotify makes it easier for listeners to navigate the app to search for their favorite podcast shows.

The new redesigned UI is only available for a limited number of users as of now, though, and was first reported last week. The new design emphasizes bolded headings for both “music” and “podcasts” on the app’s library page. Currently, Spotify users have to sift through six categories at the top of their library pages to find a dedicated podcast section. While Spotify confirmed that they were testing “new products,” they declined to comment on when the new redesigned UI would roll out to all users.

Screenshot from The Verge

According to Spotify, last year, “seven million people in the US produced podcasts—and even more, people consumed them.” So it makes sense that the company is putting money into podcasts on its platform. Spotify has spent up to $500 million on podcasts alone. The spending included the acquisition of major companies like Gimlet Media. Spotify’s unequivocal emphasis on spending to promote podcasts on its platform says much about its goal of competing with Apple and Luminary to become the go-to place for podcast listeners, and improving “discoverability” and ease of use is necessary to achieve that goal.

A few days ago, Spotify also released a tool called Soundtrap for Storytellers to encourage podcast producers to produce more shows on Spotify. Soundtrap for Storytellers is a comprehensive podcast creation tool that offers recording, remote multi-track interviewing with video chat, smart editing of audio as a text document, full audio production, direct-to-Spotify publishing of the podcast, and transcript publishing to optimize SEO all in one service.

At an event hosted by Spotify for the launch of Soundtrap for Storytellers, the company invited popular podcast producers to talk about their craft and how they can use the new tool in their podcasts. Hannah Berner, the host of the popular podcast show Berning in Hell, said that she “think(s) a lot of podcasters don’t have any knowledge about the importance of SEO, or getting found in unique ways, besides just promoting on our social media. So having a transcript of what you’re saying that also helps with SEO is incredible.”

Soundtrap demo at the Spotify Office. Photo: Spotify

Lindsay Metselaar, host of We Met At Acme, said that the prospect of being able to record with people who are not physically with her is what excites her the most about the new podcast creation tool.

“The fact that you can record with someone when they’re not physically with you is huge. I’m not able to do that right now because the sound quality is just not the same with other programs or over the phone. But Soundtrap allows two computers to have the same recording situation set up. That’s huge for podcasting,” she said.

The new podcast tool is available starting May 14 online and on iOS and Android, with pricing starting at $14.99/month and an annual plan starting at $11.99/month.

In addition to Soundtrap for Storytellers, Spotify is also encouraging new artists to create more podcasts on its newly acquired tool called Anchor. Anchor is a free-to-use podcast creation, distribution and monetization platform that says its mission is to “democratize audio.” It was one of two New York-based podcast companies (alongside Gimlet Media) acquired by Spotify in February for $343 million combined.

“There’s no doubt that podcasting is expanding like crazy, and if you have a story to tell, someone out there is dying to hear it,” writes Spotify in the news post.

“For those who are ready to experiment, have fun, and try out a new way to connect with fans, here’s why it’s time for you to start using Anchor.”

Spotify is making a concerted effort to encourage more of its platform’s 3.9 million artists and dedicated-podcast creators to use its marketplace tools – like Anchor and Soundtrap for Storytellers. If successful, Spotify will make itself a one-stop-shop for podcast producers, hosts, and artists, and might be able to top competitors like Apple and Luminary in the podcast wars online.

Cybersecurity

10 European Cybercriminals Charged For Malware Attacks In The US

European and US Officials collaborated to pin down ten individuals in connection with the ransomware attacks in the US. Photo: Christian Cohen | Flickr | CC BY-SA 2.0

The tech world has agreed that ransomware and malware have become some of the most prolific cyber attacks in recent years, and that 2019 is poised to break records for the number of cyber attacks in history. They do not seem to be wrong, especially now that US and European officials have officially charged ten individuals in connection with the swath of ransomware attacks that have plagued government and private organizations in both the US and Europe.

The ten people who were charged were allegedly involved in the malicious software attacks that infected tens of thousands of computers and caused more than $100 million in financial losses, the US and European authorities announced Thursday.

According to the officials who filed the charges, the malware, which enabled cybercriminals and hackers from Eastern Europe to infiltrate computer systems remotely and siphon funds from victims’ bank accounts, targeted companies and institutions across all sectors of American life.

The victims of the malware attacks included a Washington law firm, a church in Texas, a furniture business in California and a casino in Mississippi.

The announcement reveals that the charged individuals came from six countries and several are already awaiting prosecution in Europe. Another defendant in a related case was already extradited to the U.S. from Bulgaria in 2016 and pleaded guilty last month in federal court in Pittsburgh, where Thursday’s case was brought.

The charged individuals are now facing conspiracy to commit computer fraud, conspiracy to commit wire and bank fraud and conspiracy to commit money laundering.

According to Scott Brady, the United States attorney in Pittsburgh, this specific case is a model of how international collaboration can pin down foreign hackers. It stands out from the different instances in which the Justice Department pursued multiple malware prosecutions in recent years.

“It represents a paradigm change in how we prosecute cybercrime,” Brady said in an interview with The Associated Press ahead of a news conference in The Hague with representatives of the six countries.

While the United States can seek immediate extradition of the ten charged individuals, prosecutors will first bring the charges against some of them in the Eastern European countries of Ukraine, Moldova, and Georgia.

The investigation started following the dismantling of a network of computer servers, known as Avalanche, which hosted more than two dozen different types of malware. The Justice Department had successfully taken their operation apart in 2016.

“For the past three years, we have been unpeeling an onion as it were that is very challenging to investigate and identify,” Brady said.

Officials revealed that the malware in the current court case infected more than 41,000 computers. It was sent in spam emails disguised as legitimate messages or invoices. Once the email was opened, hackers were able to record all keystrokes on the infected computer, sweeping up data like banking information and wiring money away from the victim’s account.

Brady admits that the effort to recover the stolen funds is arduous, especially in international cybercrime cases such as this one.

“Proceeds were converted to bitcoin, and without the private key, it is really hard to identify and access, let alone seize those accounts,” Brady said.

Ransomware is a cyber attack in which hackers infect a computing system with malicious software to gain access and control, then make demands, such as money, to resolve the crisis. Ransomware has become extraordinarily popular in the last few months, making it one of the most prolific forms of cyber attack. In one instance, a single ransomware attack crippled the operations of a city government.

A swath of ransomware has been terrorizing corporate and government systems around the world in recent months. Norsk Hydro, one of the biggest aluminum producers worldwide, was previously forced to shut down a part of its manual operations because of a cyber attack that targeted its computer systems and internal servers. An investigation into the incident concluded that LockerGoga ransomware had attacked the company.

“Hackers are starting to exploit those gaps at companies of all sizes and industries. The problem is no longer exclusive to large corporations or data-rich organizations. The tools hackers use are cheap, easy to find, and simple to use, which makes hacking for fun or profit easier than ever,” a tech expert said about a ransomware attack.

Cybersecurity

iOS Twitter Users Had Their Location “Inadvertently” Sent To Twitter’s “Trusted Partner”

Twitter has sent iOS location data to a trusted partner due to a bug.
Twitter said that they inadvertently sent iOS location data to a trusted advertising partner. Photo: Stock Catalog | Flickr | CC BY 2.0

Because of a bug in Twitter’s system, the popular social media and microblogging site announced this week that they had been inadvertently collecting and sharing location data from iOS versions of their application and sending it to a trusted partner without the consent of the affected users.

In a blog post, Twitter said that they discovered a data breach caused by a bug and they were “inadvertently collecting and sharing iOS location data with one of our trusted partners in certain circumstances.”

The said data breach specifically affected those who have been using more than one account in an iOS Twitter app while their precise location setting has been enabled.

“we may have accidentally collected location data when you were using any other account(s) on that same device for which you had not turned on the precise location feature,” Twitter wrote.

Nonetheless, Twitter clarified that none of the transmitted data were actually “precise” location data because it was already “fuzzed” to only include a ZIP code or city (5 km squared), adding that the disclosed data could not be used to map the location of the affected users.

Twitter also assured the affected users that the partner did not receive any identifiable information such as Twitter handles or other unique account IDs that could have compromised the affected user’s identity.

Furthermore, Twitter said that the inadvertent sending of users’ location data happened during a process called “real-time bidding” (RTB) with one of its “trusted advertising partner.”

“We have fixed this problem and are working hard to make sure it does not happen again. We have also communicated with the people whose accounts were impacted to let them know the bug has been fixed. We invite you to check your privacy settings to make sure you’re only sharing the data you want to with us,” they assured their users.

As for those who are concerned whether or not their data was used by whoever received it, Twitter clarified that they had communication with their partner and found out that the advertising company did not retain the information that was unintentionally sent to them.

“We have confirmed with our partner that the location data has not been retained and that it only existed in their systems for a short time, and was then deleted as part of their normal process.”

It is still unclear when this unintentional sending of user location data took place, and Twitter did not name the trusted partner in its post regarding the bug.

Reporters have reached out to Twitter to gain further insight into what happened, but Twitter declined to comment beyond what it had already posted in its announcement. On the other hand, the company said that it has already notified the users who were affected by the bug and noted that other victims could contact Twitter by filling out a form.

“We’re very sorry this happened. We recognize and appreciate the trust you place in us and are committed to earning that trust every day.”

Twitter is not the only social media company that has had an internal data vulnerability this year. It can be remembered that Facebook had been recording the passwords of some of its users in plain text, a human-readable format that allows whoever has access to the database to read, understand, and use the user passwords included in it.

Facebook’s Pedro Canahuati, vice president of engineering for security and privacy, initially referred to “some” user passwords that were accessible to Facebook employees. A paragraph later, he revealed that “hundreds of millions of Facebook Lite users, millions of Facebook users, and tens of thousands of Instagram users” would be notified.

Facebook clarified that the issue was purely internal and that only their employees have access to the user passwords. Nonetheless, tech experts have slammed Facebook for the recklessness of what they have done.

“To be clear, these passwords were never visible to anyone outside of Facebook, and we have found no evidence to date that anyone internally abused or improperly accessed them,” Canahuati wrote.

The California-based company said that they already notified users who were affected by the problem and advised them to change their password following the rectification done by Facebook.
