Security Risk Discovered in Some Hotel Wi-Fi

Some Internet gateway devices commonly used by hotels and conference centers can easily be compromised by hackers, allowing them to launch a variety of attacks against guests accessing the Wi-Fi networks. The affected devices, designed to manage visitor-based networks, are manufactured by a company called ANTlabs and are used by both cheap and luxury hotels around the world, according to researchers from security firm Cylance.

The security hole involves an authentication vulnerability in the firmware of several models of InnGate routers made by ANTlabs, a Singapore-based firm whose products are installed in hotels in the U.S., Europe and elsewhere. The vulnerability gives attackers direct access to the root file system of the ANTlabs devices and would allow them to copy configuration and other files from the devices’ file system or, more significantly, write any other file to them, including ones that could be used to infect the computers of Wi-Fi users, reports Wired.

Of the 277 vulnerable devices accessible over the Internet, the researchers found more than 100 of them were at locations in the U.S. But they also found 35 vulnerable systems in Singapore, 16 in the UK, and 11 in the United Arab Emirates. Devices behind a firewall, however, would still presumably be vulnerable to the same malicious activity by anyone who gets on the hotel’s network, reports PCWorld.

“Given that the ANTlabs’ product integrates with external systems, such as a hotel’s PMS, this vulnerability could be leveraged to gain deeper access into a hotel’s business network. This is similar to the Target breach where attackers were able to penetrate the organization’s internal network through a vulnerability in the heating and cooling system,” said Justin Clarke, senior security researcher on the Cylance SPEAR team. “As this vulnerability is so widespread, Cylance SPEAR quickly notified US-CERT to coordinate the vulnerability verification, patch development, and today's disclosure with the ANTlabs.”

This is not the first time Cylance researchers have seen activity of this nature, as this vulnerability could allow a threat actor to carry out an attack similar to DarkHotel, a campaign discovered last November that infected Internet gateways at Asian luxury hotels in order to compromise high-profile guests, reports Dark Reading. An attacker exploiting this new ANTlabs InnGate vulnerability could infect specific targets or anyone who connects via Wi-Fi through it with malware, gain access to personal credentials stored on a user’s computer and gain full access to property management systems (PMS) that contain guest booking details and point of sale information.

“When an attacker gains full read and write access to a Linux file system, it’s trivial to then turn that into remote code execution,” Cylance researcher Brian Wallace said in a blog post. “The attacker could upload a backdoored version of nearly any executable on the system and then gain execution control, or simply add an additional user with root level access and a password known to the attacker. Once full file system access is obtained, the endpoint is at the mercy of the attacker.”