Petronella Blog Archive

Visit our New Blog

Big Dangers in Hotel Wi-fi

Blog Post

Picture this:

You fly into a new city you are visiting and check into your hotel. You get your key from the front desk and make your way to your room. It was a long flight and the King bed with the overstuffed pillows looks too comfy for words. You take your shower, change into your night clothes and type the Wi-Fi code into your phone and laptop. You climb into the cushy bed, turn on the TV and then check your emails, account balances and Facebook before drifting off into a coma-like dream land.

The next morning, you wake up, ready for your exciting day of site-seeing and fantastic new restaurants. You decide to use your credit card to purchase a souvenir for your friend, but your credit card gets rejected, which is odd, considering that you just paid it off. A little concerned, you call the bank and find out that your funds have been withdrawn. You book it back to the hotel and are shocked to see that all of your possessions, including your laptop, have disappeared.

Sounds like a bad dream... But if the hotel where you are staying is using ANTlabs InnGate routers, this “bad dream” could very well be a reality.

Researchers have discovered a potential vulnerability in the Singapore-based company’s products which could allow an attacker to distribute malware to hotel guests, giving them the ability to not only monitor and record data sent over the hotel Wi-Fi, but to also potentially gain access to the reservation and keycard software.

Cylance, a security firm, discovered that this hole gives direct access to root filing systems of ANTlab devices, permitting hackers to copy files from the file system, to overwrite those files, and to infect computers that are connected to this unsecure Wi-Fi.

Cylance research uncovered 277 compromised devices in 29 countries (100 of the devices were in the US alone) that were accessible online; there are most likely more, however, that are protected by a firewall. Though the firewall helps protect those devices, if an attacker hacks into the system they are still vulnerable to the same issues. In addition to hotels (primarily chains), the researchers also discovered that there are other vulnerable locations; a number of convention centers use InnGate devices as does a major data center with Asia Pacific locations.

The hotels, along with the data and convention centers, use the InnGate devices for guest internet access, which is bad enough, but it can get worse, if the company also connects the devices to their Property Management System (PMS). When this occurs, havoc can ensue. Hackers can potentially see guest reservations, and even code/decode key cards and theft may not be the only crime to occur. For example, in 2011, a Hamas official was assassinated in a Dubai hotel after the assassins were able to reprogram the electronic lock.

One may question how something like this can happen. The hole is the unauthenticated rsync daemon (a tool that is used in system back-ups) that ANTlab devices utilize. The daemon can use a password as protection, but the device itself does not require any kind of authentication. So, according to a Cylance blog post, once the hacker is connected to the rsync daemon, “they are then able to read and write to the file system of the Linux based operating system without restriction… Given the level of access that this vulnerability offers to attackers, there is seemingly no limit to what they could do”

Scarily, it does not take an advanced cyber psychopath to discover this weakness; it was, in fact, discovered by pure coincidence, while one of the Cylance researchers was taking a break from another project. He decided to look over some of the results produced by a cursory internet scan his company made with a new script in search of rsync routers. One of the IP addresses just happened to be an ANTlab device and out of pure curiosity, the researcher, Clarke, tested to see if he could view the file directory; to his dismay, he soon found that not only could he view it, but he also had the ability to command it.

This accidental discovery was the catalyst for a much broader scan; one that found similar vulnerabilities in 8 of the world’s top ten hotel chains. Though these vulnerabilities exist, none of the chains were 100% compromised, which means that, most likely, that different locations use different brands and/or some of the locations have firewalls installed.

This fated discovery may help to explain the “DarkHotel” cyber-attack that occurred last year. The DarkHotel attackers targeted guests staying at 5-star US and Asian hotels. When the guests logged into the Wi-Fi, an Adobe downloadable update popped up. As you may have guessed, this was not actually an update at all; rather it was a virus that contained a malicious code. Kaspersky, the security company that researched DarkHotel, was unable to figure out exactly how the hackers were able to tap into the hotel servers, but believe now that it may be related to the vulnerability of the InnGate device.

Since the discovery, ANTlabs has created a patch, and they are in the process of contacting the compromised hotels. However, this does not mean that you will always be safe, and it is up to you to protect yourself. For more cyber security tips, or if you have any questions, please feel free to contact us for a consultation.