Hotel Wi-Fi routers may put guests at risk

Wired reports guests at hundreds of hotels around the world are susceptible to “serious hacks” due to vulnerable routers that many properties depend on for their Wi-Fi networks.

Researchers at the security firm Cylance discovered an authentication vulnerability in the firmware of several models of InnGate routers made by ANTlabs. The vulnerability gives attackers direct access to the root file system of the devices and could allow them to copy configuration and other files from the devices’ file system or write any other file to them, including ones that could be used to infect the computers of Wi-Fi users.

“Any communications or transactions guests have over the Internet could potentially be captured by an attacker unless the data is thoroughly encrypted,” Chris Weber, co-founder of Internet security firm Casaba Security, told HOTELS. “The attacker could also push malware onto the guest’s laptop or mobile device by force browsing them to malicious sites when they connect to the hotel Wi-Fi. This is a full-blown vulnerability that could expose hotels to a massive criminal attack, and managers need to take it seriously.”

Weber explains that attackers can also use a vulnerable router as a way to get deeper into the hotel’s business systems, including access to the PMS, which would result in a data breach of guests’ booking details and credit card data. He recommends that hotels immediately check what type of Internet gateway product they are using.

“If your hotel is using ANTlabs’ InnGate product, you need to run the manufacturer’s security patch,” said Weber. “If there are any problems downloading that patch, hotels need to take extreme precaution and either turn off guest Wi-Fi and/or close out access to the PMS. I would also strongly advise hotels to run an incident response drill to look for any evidence of a breach.” 

Researchers reportedly found 277 of the devices, in 29 countries, that are accessible over the Internet. Vulnerable systems were located mainly at hotel chains, but Internet-accessible routers were also found at several convention centers.
