Tag Archives: Wi-Fi Router Vulnerabilities

Wi-Fi router flaw leaves hundreds of hotel guests vulnerable to hackers

1 Reply

Researchers have discovered 277 devices in 29 countries to be accessible over the Internet.

Another week, another piece of research highlighting the vulnerabilities of Wi-Fi devices. This time, security firm Cylance has discovered routers — which can be been found in eight of the world’s top 10 hotel chains — to be vulnerable to hacking. The experts claim cyber attackers could easily use the flaw to monitor and record data sent over the hotel’s Wi-Fi network.

area-wifi-hotel-a-pisa-3-stelle

Cylance discovered that multiple ANTLabs InnGate models contained a misconfigured, unauthenticated rsync service that listened on TCP port 873 and gave unprivileged users full read and write access to the file system. The Rsync daemon is a tool often used to backup systems since it can be set up to automatically copy files or new parts of files from one location to another.

“When an attacker gains full read and write access to a Linux file system, it’s trivial to then turn that into remote code execution,” Cylance researcher Brian Wallace wrote in a blog post. “The attacker could upload a backdoored version of nearly any executable on the system and then gain execution control, or simply add an additional user with root level access and a password known to the attacker. Once full file system access is obtained, the endpoint is at the mercy of the attacker.”

For example, hackers could potentially use the security weakness to infiltrate keycard systems to secure and unlock doors, monitor and record data sent over the network, access the hotel’s reservation system, and even distribute malware to guests, among countless other malicious acts.

At the moment, Cylance has confirmed the flaw can be found in 277 devices spanning across 29 countries that are accessible over the Internet. Aside from more than 100 of them being at located in the United States, the researchers have unearthed susceptibility in 16 systems in the UK, 35 in Singapore and 11 in the United Arab Emirates.

darkportal-map.png

“The affected nodes also include quite affluent hotels. Listing those vulnerable devices at this time would be irresponsible and could result in a compromise of those networks,” the team’s blog explains. “Take it from us that this issue affects hotels brands all up and down the spectrum of cost, from places we’ve never heard of to places that cost more per night than most apartments cost to rent for a month.”

ANTlabs has since released a patch to fix the vulnerability. If recent events were to demonstrate anything, it is that hotel networks are a common target to hackers. In fact, just last November, Kaspersky Lab documented the activity of a cyberespionage group dubbed DarkHotel that preyed on business travelers by compromising the networks of luxury hotels in the APAC region. It’s more apparent than ever that, not only are security flaws on the rise, they affect us all. Subsequently, how can you ensure that your network and its devices are protected? Those wishing to read more can head over to a detailed write-up from Wiredas well as check out Cylance’s official blog post here.