YOU ARE AT:DevicesMajor vulnerability discovered in hotel Wi-Fi devices

Major vulnerability discovered in hotel Wi-Fi devices

If you’ve ever used hotel Wi-Fi, listen up. A major vulnerability discovered in hotel Wi-Fi devices could put your information at risk.

The CVE-2015-0932 vulnerability has been discovered in a Wi-Fi device that many hotels use to provide Internet access to guest hotel rooms.

The ANTlabs InnGate router is said to be vulnerable to a firmware that gives a hacker the ability to monitor and record the data sent over the network. It could even allow the attacker access to a hotel’s keycard systems.

According to Cylance, an incident response cyber security company, “The attacker could upload a ‘back-doored’ version of nearly any executable on the system and then gain execution control, or simply add an additional user with root level access and a password known to the attacker. Once full file system access is obtained, the endpoint is at the mercy of the attacker.”

Something similar to this has happened before. Last year, there was an APT campaign called DarkHotel that infected Internet gateways at Asian luxury hotels in order to compromise high-profile guests.

That was a much more sophisticated attack, which makes the CVE-2015-0932 vulnerability more frightening.  Cylance calls it “a very simple vulnerability with devastating impact.”

Researchers found 277 ANTlab InnGate routers in 29 countries, but it is believed this is only a small percentage as many of the devices are protected behind firewalls that make them difficult to identify. These devices are still believed to be vulnerable to attack.

Hotels were not the only places researchers found these devices. They also found them at some convention centers. A top data center company also uses the device to manage guest Wi-Fi in several locations in Asia.

Researchers believe a vendor-supplied patch, released March 26 will address the vulnerability.

ABOUT AUTHOR

Joey Jackson
Joey Jacksonhttp://www.RCRWireless.com
Contributorjjackson@rcrwireless.com Joey Jackson is an editor and production manager at RCRWireless.com and RCRtv based in Austin, Texas. Before coming to RCR, Joey was a multimedia journalist for multiple TV news affiliates around the country. He is in charge of custom video production as well as the production of the "Digs," "Gigs," "How it works" and "Tower Stories" segments for RCRtv. He also writes daily about the latest developments in telecom and ICT news. An Oregon native, Joey graduated from the University of Oregon with a degree in journalism and communications. He enjoys telling the stories of the people and companies that are shaping the landscape of the mobile world. Follow him on Twitter at @duck_jackson.