If you love to travel and move hotels to hotels, then you might be dependent on free Wi-Fi network to access the Internet. However, next time you need to be extra cautious before connecting to Hotel's Wi-Fi network, as it may expose you to hackers.
Security researchers have unearthed a critical flaw in routers that many hotel chains depend on for distributing Wi-Fi networks.
The security vulnerability could allow a hacker to infect guests with malware, steal or monitor personal data sent over the network, and even gain access to the hotel’s keycard systems and reservation.
HACKING GUEST WIFI ROUTER
Several models of InnGate routers manufactured by ANTlabs, a Singapore firm, have a security weakness in the authentication mechanism of the firmware.
The security vulnerability (CVE-2015-0932), discovered by the security firm Cylance, gives hackers direct access to the root file system of ANTlabs's InnGate devices.
With root access, hackers could be able to read or write any files from or to the devices’ file system respectively, including data that could be used to infect the devices of Wi-Fi users.
Researchers have found nearly 277 hotels, convention centers, and data centers across 29 countries that are affected by this security vulnerability. Although, the number could be much larger as the flaw has potential to impact Millions of users who gets on the hotel’s network for free Wi-Fi access.
However, the security researchers found more than 100 vulnerable devices located in the United States, 35 devices in Singapore, 16 in the UK, and 11 in the United Arab Emirates.
Justin W. Clarke, a senior security researcher of the Cylance SPEAR (Sophisticated Penetration Exploitation and Research) team, says the vulnerability also gives the attacker access to a computer owned by the operating organization.
THE VULNERABILITY GETS WORSE
In some cases, researchers found the InnGate devices were configured to communicate with a Property Management Systems (PMS). This could also be leveraged to gain deeper access into a hotel's business network, allowing a hacker to identify guests and upcoming guests at a hotel and their room number.
Moreover, PMS is often integrated with the phone system, POS (point-of-sale) system for processing credit card transactions, as well as electronic keycard system for accessing doors to guest rooms at hotels.
So, this vulnerability could also potentially allow an attacker to access and exploit these hotel's systems.
"In cases where an (ANTlabs) InnGate device stores credentials to the PMS, an attacker could potentially gain full access to the PMS (Property Management Systems) itself," the researchers wrote in a blog post published Thursday.
HOW THE VULNERABILITY WORKS?
The flaw lies in an unauthenticated Rsync daemon running on TCP 873 used by the ANTlabs devices. The Rsync daemon is an extraordinarily versatile file copying tool widely used to backup file systems as it can automatically copy files from one location to another.
The Rsync daemon can be password-protected, but the ANTlabs device that uses it requires no authentication.
Once hackers have connected to the Rsync daemon, they are then able to read and/or write to the file system of the Linux-based operating system without any restrictions.
Due the widespread nature of the vulnerability, ANTlabs has rolled out a patch addressing CVE-2015-0932 with an alert about the critical flaw being issued by US-CERT.
This isn't first time when researchers have discovered this kind of attack targeting guests at Hotels, late last year Kaspersky Labs uncovered a hacking campaign, dubbed DarkHotel, targeting guests at five-star hotels in Asia and the US by subverting their Wi-Fi system.