Euro SecurityEuro Security InternationalMiddle East Security
In this issue

(titel, termin, news)

Looking for a supplier? Please enter the supplier name below:

cirosec: Flaws in data security of many hotels prevalent Print E-mail
Wednesday, 13 July 2011 13:41

cirosec, a provider of solutions for IT security, has warned of frequent flaws in the data security of many hotels. Anonymous attackers are often able to read out confidential information of the hotel’s guests like identification data, movies watched during the stay and other personal data.


Even high class hotels often use standard IT solutions with unsecured WLAN-Access points through which unauthorised persons can access the internal database. Because of an SQL injection flaw in the login form for the hotels WLAN, attackers can get to the accesses for WLAN and IPTV of every room in the hotel. The data that is stored there includes all data on the guests of the past years. Complete names and (eMail-) adresses, telephone and mobile contact number as well as passport or identity card numbers can easily be read out.  


The configuration of the TVs in the hotel’s rooms also can easily be manipulated. This way, guests can be fed false messages and notices, including for example a faked fire alarm for the whole building. In the TV applications of hotels, guests can also often rent movies. The information on which movies were rented by which guest can also be accessed. The number of the credit card used fort he application is also stored locally and uncoded together with it’s verification code. []

Last Updated on Wednesday, 13 July 2011 13:44

User Rating:   / 0


Subscribe to our newsletter to receive the latest news/updates: