Ariane Systems’ self check-in terminals, installed in thousands of hotels worldwide, contain a severe security vulnerability. The flaw, discovered by Pentagrid security researcher Martin Schobert, allows bypassing the kiosk mode and accessing the underlying Windows desktop. From there, an attacker can retrieve guests’ personal information and invoices, and even create room keys for other rooms. Despite repeated attempts to notify the vendor since March, Schobert has not received a satisfactory response regarding a firmware update to fix the issue.
The vulnerability is triggered when a single quote is entered on the reservations look-up screen, which causes the application to hang. Touching the screen again prompts the Windows operating system to offer the option to end the app’s process; ending it exits the kiosk application and grants access to the desktop. This access can potentially lead to attacks on the hotel network and the exposure of personal data, including reservation details and invoices. The ability to inject and execute program code further exacerbates the risk, allowing unauthorized room key creation.
Ariane Systems’ self-checkout solutions are utilized by approximately 3,000 hotels in 25 countries, covering over 500,000 rooms. The clientele includes one-third of the world’s top 100 hotel chains, making the impact of this security flaw extensive. Despite claims from the vendor that the issues have been addressed, the specific firmware version that resolves the problem remains unidentified. This uncertainty leaves numerous terminals potentially vulnerable, with hotel chains unaware of their risk status.
To mitigate the risk, hotel operators using Ariane Systems terminals are advised to isolate the self check-in machines from the hotel network and other critical systems. They should also contact the vendor to ensure they are running a secure version of the software. In a related incident, Schobert identified a similar vulnerability at a German Ibis hotel, where inputting six consecutive dashes revealed booking details. This ongoing issue underscores the need for urgent action to secure hotel self check-in terminals against such vulnerabilities.