Big Vulnerability in Hotel Wi-Fi Router Puts Guests at Risk
by Kim Zetter*, WIRED.
Guests at hundreds of hotels around the world are susceptible to serious hacks because of routers that many hotel chains depend on for their Wi-Fi networks. Researchers have discovered a vulnerability in the systems, which would allow an attacker to distribute malware to guests, monitor and record data sent over the network, and even possibly gain access to the hotel’s reservation and keycard systems.
The security hole involves an authentication vulnerability in the firmware of several models of InnGate routers made by ANTlabs, a Singapore firm whose products are installed in hotels in the US, Europe and elsewhere.
The vulnerability, which was discovered by the security firm Cylance, gives attackers direct access to the root file system of the ANTlabs devices and would allow them to copy configuration and other files from the devices’ file system or, more significantly, write any other file to them, including ones that could be used to infect the computers of Wi-Fi users.
The researchers found 277 of the devices in 29 countries that are accessible over the internet, though there may be many others that they weren’t able to uncover over the internet because they’re protected behind a firewall. Devices behind a firewall, however, would still presumably be vulnerable to the same malicious activity by anyone who gets on the hotel’s network.
(*) Kim Zetter is an award-winning, senior staff reporter at Wired covering cybercrime, privacy, and security. She is writing a book about Stuxnet, a digital weapon that was designed to sabotage Iran’s nuclear program.