If you love to travel and move hotels to hotels, then you might be
dependent on free Wi-Fi network to access the Internet. However, next
time you need to be extra cautious before connecting to Hotel's Wi-Fi
network, as it may expose you to hackers.
Security researchers have unearthed a critical flaw in routers that many
hotel chains depend on for distributing Wi-Fi networks.
The security vulnerability could allow a hacker to infect guests with
malware, steal or monitor personal data sent over the network, and even
gain access to the hotel’s keycard systems and reservation.
HACKING GUEST WIFI ROUTER
Several models of InnGate routers manufactured by ANTlabs, a Singapore
firm, have a security weakness in the authentication mechanism of the
firmware.
The security vulnerability (CVE-2015-0932), discovered by the security firm Cylance, gives hackers direct access to the root file system of ANTlabs's InnGate devices.
With root access, hackers could be able to read or write any files from
or to the devices’ file system respectively, including data that could
be used to infect the devices of Wi-Fi users.
Researchers have found nearly 277 hotels, convention centers, and data
centers across 29 countries that are affected by this security
vulnerability. Although, the number could be much larger as the flaw has
potential to impact Millions of users who gets on the hotel’s network
for free Wi-Fi access.
However, the security researchers found more than 100 vulnerable devices
located in the United States, 35 devices in Singapore, 16 in the UK,
and 11 in the United Arab Emirates.
Justin W. Clarke, a senior security researcher of the Cylance SPEAR
(Sophisticated Penetration Exploitation and Research) team, says the
vulnerability also gives the attacker access to a computer owned by the
operating organization.
THE VULNERABILITY GETS WORSE
In some cases, researchers found the InnGate devices were configured to
communicate with a Property Management Systems (PMS). This could also be
leveraged to gain deeper access into a hotel's business network,
allowing a hacker to identify guests and upcoming guests at a hotel and
their room number.
Moreover, PMS is often integrated with the phone system, POS (point-of-sale) system for processing credit card transactions, as well as electronic keycard system for accessing doors to guest rooms at hotels.
So, this vulnerability could also potentially allow an attacker to access and exploit these hotel's systems.
"In cases where an (ANTlabs) InnGate device stores credentials to the PMS, an attacker could potentially gain full access to the PMS (Property Management Systems) itself," the researchers wrote in a blog post published Thursday.
HOW THE VULNERABILITY WORKS?
The flaw lies in an unauthenticated Rsync daemon running on TCP 873
used by the ANTlabs devices. The Rsync daemon is an extraordinarily
versatile file copying tool widely used to backup file systems as it can
automatically copy files from one location to another.
The Rsync daemon can be password-protected, but the ANTlabs device that uses it requires no authentication.
Once hackers have connected to the Rsync daemon, they are then able to
read and/or write to the file system of the Linux-based operating system
without any restrictions.
Due the widespread nature of the vulnerability, ANTlabs has rolled out a patch addressing CVE-2015-0932 with an alert about the critical flaw being issued by US-CERT.
This isn't first time when researchers have discovered this kind of
attack targeting guests at Hotels, late last year Kaspersky Labs
uncovered a hacking campaign, dubbed DarkHotel, targeting guests at five-star hotels in Asia and the US by subverting their Wi-Fi system.
No comments:
Post a Comment