GBCblue Guest-use PC's Now Detect and Prevent Use of Hardware Keystroke Loggers as Part of Sweeping Software Upgrade

  • Ascension Software™
  • 01.15.08
GBCblue, a provider of guest-use computing systems for the hospitality industry is set to release the fourth generation of its computer kiosk software, Client Manager 4 (CM4).

Designed to operate exclusively on GBCblue guest-use computers, CM 4 promises to deliver an unprecedented 99 percent uptime and customizable multimedia user experience, but with all its achievements, it is the new security features, specifically unauthorized hardware invasion detection, that make CM4 truly revolutionary.

"Keystroke loggers are now the biggest threat to users of public computing systems," explains Victor Alikin, CEO of GBCblue. "Everyone in our industry understands the severity of the issue but until now nobody has been able to do anything about it. Physically locking a USB keyboard into a PC is no guarantee that it won't be tampered with, giving a hotel a false sense of security and ultimately a devastating liability. From day one, security has been our number one priority so it was imperative to create a way to protect hotel guests, and just as important, the hotelier, from keystroke loggers."
The GBCblue solution is the device controller module for Client Manager 4. The device controller continuously monitors all peripherals attached to the PC via USB port to ensure only known or safe devices are allowed. When a foreign device is connected to the PC, the device controller issues a notification to the user interface and signals an alert to GBCblue remote monitoring team. If a highly suspicious device is discovered (either a recognized keystroke logger or device with the same characteristics of a keystroke logger) the device controller completely disables the associated USB port, blocking that device from the machine. A GBCblue technician needs to address the issue before the infected port is returned to a usable state.

"It's the only true solution for hardware keystroke logger detection and it requires a combination of software, network monitoring, and an experienced support team," said Ken York, VP of operations for GBCblue. "It's a lot of work to ensure the security of hotel guests using our managed systems, but we can all sleep better knowing that our client's guests will not be victims to keystroke loggers while using our managed systems."

For cyber-thieves, a public computer is better than an ATM. By installing a tiny $50 USB device, called a keystroke logger, criminals can obtain all the data entered through a keyboard including visited Web sites and associated usernames and passwords. Using the stolen data, thieves are able to access accounts, use personal information or worse, steal a guest's identity and possibly life savings.
The identity theft problem has grown to almost epidemic proportions costing U.S. citizens billions of dollars each year. A recent ABC News report described how an Eastern Bloc crime ring was targeting hotel business center computers with hardware keystroke loggers. According to the FBI, the cyber-thieves had stolen tens of millions of guest funds by looting U.S. 401K's, bank accounts and stock trading accounts using such keystroke loggers. Not even the most advanced antivirus and antispyware applications can detect keystroke loggers because there is no software interaction with the PC. The devices are even physically disguised to look like standard plug ends making them almost invisible to unsuspecting guests or hotel staff.
Beyond identity theft protection, Client Manager 4 introduces new methods of ensuring systems uptime. "We contend that GBCblue PCs have the greatest uptime of any system on the market and CM4 really delivers," said York.
Each GBCblue PC maintains a connection with the company's central network operating center for payment processing, to report system health, and receive daily software updates. Prior to CM4, if the local HSIA connection was interrupted the systems would no longer function, even for offline activities such as printing or creating a document. With CM4, GBCblue PCs automatically switch to a locally controlled system in the event of a lost or interrupted Internet connection. The switch is completely transparent to the user and allows each system to continue to operate under adverse circumstances. The ability to provide a more stable and secure environment is a result of CM4's new platform-a platform that offers great potential for the future.
York said, "Client Manager 4 is entirely new system architecture. It utilizes the latest software language (XAML and .Net) and infrastructure design (grid framework) to deliver an expansive, stable application base. Our computers are not confined to set business rules like off-the-shelf kiosk software. Our competitors offer an authentication screen, timed user session, and system refresh. GBCblue pioneered that technology over four years ago and now we are defining the next evolution of public computing.
"CM4 introduces a completely customizable experience. The systems are capable of managing complex marketing initiatives with custom branding for hotel chains, property content management, special group communication tools and billing models, and even time-based promotions for hotel services (e.g. happy hour promotions). The experience can be multimedia enriched leaving guests with a memorable experience," said York.

GBCblue offers a range of business models that includes charge-for-use, free-to-guest and the COMBOblue model that offers a designated amount of free time before the guest is charged. This model was specifically designed to combat camping on PC's by both guests and non-guests alike and keep incremental revenue streams alive for the hotelier to pay for the systems and make a profit as well.

Related Articles
want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.