Recent research done by IBM’s X-Force Red security unit has discovered 19 vulnerabilities in four Visitor Management Systems, including eVisitorPass, EasyLobby Solo, Envoy and The Receptionist.
Visitor Management Systems are designed to help companies in increasing the security of their sites. That’s done by enabling them to check visitors in, print identification badges and track their ins and outs in the organisation. In addition, these systems let organisations obtain valuable data insights regarding their visitor flows through analytics as well as increase workforce productivity through streamlining sign in process.
However, according to IBM’s report, the bugs found in those software represent a threat to the security of the sites and involved both physical space and data safety concerns. According to Zack Whittaker, from TechCrunch, the reported vulnerabilities were only present at the physical check in point, meaning that the bugs could only happen on the iPad or similar tablet device used as a kiosk. Flaws included visitor data leakage such as phone number, name and email; allowing the avoidance of “kiosk” mode, which would allow access to the devices operating system and therefore the security network; the use of default administrative credentials, which allows full access to the software’s applications; and the issuing of Radio Frequency Identification (RFID) badges, which could allow access to restricted areas of the organisation.
At Teamgo, we pride ourselves on having data security and integrity as the foundation of our business. While we’d like to acknowledge that these software flaws can have serious consequences for companies, we’d like to address this issue by clarifying these vulnerabilities to our customers and what that implies for them.
1. Can someone download my visitor logs and obtain my data?
No. Teamgo visitor sign-in data is not stored on the the kiosk or iPad. Every check-in and check-out requires the communication between the iPad terminal and our Cloud Server, where data is really stored. That means that if the iPad were stolen, no data would fall into the thief’s hand because it would be safe in the Cloud.
However, most visitor sign-in systems have a check out screen with a list of all visitors who are presently onsite. To check-out, visitors simply find their name on that list and tap on it. In a way, it could be said that there is a data concern here, as all visitors can look at that screen and see who’s on site. Still, that list only shows the visitors’ full name and no other information. Teamgo provide a way to mitigate onsite visitor exposure by giving customers the option to hide the check-out list and a use a search field instead, therefore, no one would be able to see who else in onsite.
2. Can the escape of “kiosk” mode be exploited?
The Apple iPad supports a Guided Access feature, which when enabled, prevents users from exiting the app and escaping “kiosk” mode. Apps like Teamgo do not allow access to the underlying operating system by exiting the “kiosk” mode once the Guided Access feature is enabled.
3. Can default administrative credentials edit visitor database?
Access to Teamgo’s administration tools is controlled by access roles and permissions, which means that administration tasks can be executed by multiple people without sharing credentials. Teamgo has different levels of access that can be granted to users to increase the security of administrational features.
Our system does not issue default passwords to any of its users, including administrators. Therefore,a potential attacker would not be able to “guess” a user’s password based upon password convention. Having said that, we do advise that our users choose strong passwords to strengthen the security of their systems.
In addition to these security measures, no visitor records can ever be modified. For GDPR compliance, we provide a built in tool for administrators to delete or anonymise records based on time period or delete all the records, but the information cannot be changed.
4. Can RFID badges be issued without proper authorisation?
Teamgo customers can create integrations which include the ability to open doors using RFID technology, though that is not a default setting of Teamgo. The issuing of this sort of access is solely controlled by the administrator of the system. Ordinary visitors are not able to generate an RFID card, only an authorized employee can perform this task. Therefore, there is no concern regarding intruders printing RFID badges and gaining access to restricted company areas.
Teamgo are always open to communication about security and data integrity, including assisting companies with their visitor management protocols. We welcome any commentary on this situation, as we are always looking to improve our users’ experience and ensure they have an adequate level of security.