Context
Ariane Systems self-check-in systems installed at thousands of hotels worldwide are vulnerable to a kiosk mode bypass flaw that could allow access to guests’ personal information and the keys for other rooms, according to a new report form Pentagrid.
Community Impact
According to Ariane Systems, its self-checkout solutions are currently used by 3,000 hotels in 25 countries, which collectively have over 500,000 rooms. Among their clients are one-third of the world’s top 100 hotel chains. Currently, it is unknown which version of the application fixes the problem, how many terminals are using a vulnerable version, and which hotel chains are impacted.
Hotel operators using Ariane Systems terminals are recommended to isolate the self-check-in machines from the hotel network and other critical systems and contact the vendor to determine if they are running the latest and most secure version. RH-ISAC Members are also encouraged to apply the following mitigations below once deemed applicable.
Background
Ariane Allegro Scenario Player-based hotel check-in terminals allow guests to book and check into the hotel themselves, handle the payment process via a Point Of Sale (POS) subsystem, print invoices, and provision RFID transponders used as room keys. The vulnerable terminals are typically used in small to medium-sized establishments where employing check-in staff 24/7 would be too costly for the business.
In early 2024, Pentagrid security researchers discovered that they could easily bypass the Ariane Allegro Scenario Player running in kiosk mode on the self-check-in terminal of the hotel at which they were staying and access the underlying Windows desktop with all customer details.
In detail, a Pentagrid security researcher discovered that the application hangs, which occurs when the main thread of an application fails to respond within a reasonable timeframe, when entering a single quote on the reservations look-up screen of the terminal. When touching the screen again, the underlying Windows operating system offers the user the option to end the app’s process, which terminates the Ariane Allegro Scenario Player and gives access to the desktop. From there, the user may access any files stored on the device, which could include anything from reservation entries with personally identifiable information (PII) to invoices.
Recommendations
According to an official statement from Ariane, the problem was fixed in the most recent version of Allegro Scenario Player. Therefore, Pentagrid recommends hotels using the terminal:
- To ensure that a recent version of the software is installed. The version that fixes the issue is not known to Pentagrid, hence, Ariane Systems should be asked to clarify.
- To isolate check-in terminals so that bypassing the kiosk mode does not allow attacks on the hotel network or the Windows domain.