Attacks/Breaches

3/26/2015
09:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Cylance Researchers Discover Critical Vulnerability Affecting Hotel Chains Worldwide

Millions of Customers Using Guest WiFi Potentially Impacted

IRVINE, Calif. March 26, 2015 – Cylance, the first predictive cyber threat security company that combines the power of math and machine learning to stop malware, today revealed that its security research team – dubbed Cylance SPEAR – discovered a critical vulnerability in ANTlabs' InnGate product that could allow an attacker to monitor or tamper with traffic to and from any hotel WiFi user's connection and potentially gain access to a hotel's property management system (PMS).

This vulnerability affects 277 hotels, convention centers and data centers across 29 countries. It has the potential to impact millions of customers ranging from everyday vacationers and data center IT staff to tradeshow attendees and high priority targets such as government officials, corporate executives and CSOs. 

Cylance has worked closely with the US-CERT and CERT/CC to coordinate the disclosure of this vulnerability responsibly. ANTlabs is making a patch available today for its InnGate product. For more information about how to apply necessary protections, visit www.antlabs.com.

“Given that the ANTlabs’ product integrates with external systems, such as a hotel’s PMS, this vulnerability could be leveraged to gain deeper access into a hotel’s business network. This is similar to the Target breach where attackers were able to penetrate the organization’s internal network through a vulnerability in the heating and cooling system,” said Justin W. Clarke, senior security researcher on the Cylance SPEAR team. “As this vulnerability is so widespread, Cylance SPEAR quickly notified US-CERT to coordinate the vulnerability verification, patch development, and today's disclosure with the ANTlabs.”

This is not the first time Cylance researchers have seen activity of this nature, asthis vulnerability could allow a threat actor to carry out an attack similar to DarkHotel, a campaign discovered last November that infected Internet gateways at Asian Luxury hotels in order to compromise high-profile guests.  An attacker exploiting this new ANTlabs InnGate vulnerability could infect specific targets or anyone who connects via WiFi through it with malware, gain access to personal credentials stored on a user’s computer and gain full access to property management systems (PMS) that contain guest booking details and point of sale information.

The exploitation would only need a low level of sophistication and no authentication. The threat has been assigned a CVE-2015-0932 identifier and ranks the maximum score, 10.0, on the CVSS 2.0 scale.

This marks the first official announcement from Cylance’s new research team SPEAR (Sophisticated Penetration Exploitation and Research).  The SPEAR team’s work will be dedicated to cutting edge security research and improving the state of information security for users worldwide. The team is focused on detecting and stopping the execution of malware, APTs and advanced threats before they hit the system. SPEAR will perform research on vulnerabilities, threat actors, malware and tools needed to prevent attacks before they cause damage.

“Cylance SPEAR will dig into the hacker mindset to uncover emerging attack and defense methods,” said Ryan Permeh, co-founder and chief scientist at Cylance. “Our research will also help to advance the capabilities of Cylance’s core product, CylanceProtect, and support the company’s mission to abolish the need for traditional signature-based technologies that consistently miss advanced security threats.”

For more information about this vulnerability and to learn about future discoveries, please visit http://blog.cylance.com/.

 

About Cylance, Inc.

Cylance is the first company to apply artificial intelligence, algorithmic science and machine learning to cyber security and improve the way companies, governments and end users proactively solve the world’s most difficult security problems. Using a breakthrough predictive analysis process, Cylance quickly and accurately identifies what is safe and what is a threat, not just what is in a blacklist or whitelist. By coupling sophisticated math and machine learning with a unique understanding of a hacker’s mentality, Cylance provides the technology and services to be truly predictive and preventive against advanced threats. For more information, visit www.cylance.com.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/8/2018
5 Reasons Why Threat Intelligence Doesn't Work
Jonathan Zhang, CEO/Founder of WhoisXML API and TIP,  11/7/2018
Why Password Management and Security Strategies Fall Short
Steve Zurier, Freelance Writer,  11/7/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-2491
PUBLISHED: 2018-11-13
When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code it can eventually run inside the built-in log viewer of the application in case user opens the viewer and taps...
CVE-2018-2473
PUBLISHED: 2018-11-13
SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
CVE-2018-2476
PUBLISHED: 2018-11-13
Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site.
CVE-2018-2477
PUBLISHED: 2018-11-13
Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.
CVE-2018-2478
PUBLISHED: 2018-11-13
An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user. The commands execut...