A researcher from Swiss security firm, Pentagrid, has reported discovering that the self-service check-in terminal at a German Ibis budget hotel could be easily fooled into leaking hotel room keycodes. This has prompted fears that similar systems in hotels around Europe could be at risk.
The researcher reported that, simply by inputting a series of six consecutive dashes (——) instead of a booking reference number, the system displayed private details like the cost of the booking, the room entry keycodes, the room number, and a timestamp that could indicate the length of a guest’s stay. The researcher highlighted how the bug could put guests at risk from thieves.
It’s understood that the owners of Ibis Budget chain, Accor Security, is developing a software fix that could correct all affected terminals in under a month.