Attacks/Breaches
3/26/2015
09:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Cylance Researchers Discover Critical Vulnerability Affecting Hotel Chains Worldwide

Millions of Customers Using Guest WiFi Potentially Impacted

IRVINE, Calif. March 26, 2015 – Cylance, the first predictive cyber threat security company that combines the power of math and machine learning to stop malware, today revealed that its security research team – dubbed Cylance SPEAR – discovered a critical vulnerability in ANTlabs' InnGate product that could allow an attacker to monitor or tamper with traffic to and from any hotel WiFi user's connection and potentially gain access to a hotel's property management system (PMS).

This vulnerability affects 277 hotels, convention centers and data centers across 29 countries. It has the potential to impact millions of customers ranging from everyday vacationers and data center IT staff to tradeshow attendees and high priority targets such as government officials, corporate executives and CSOs. 

Cylance has worked closely with the US-CERT and CERT/CC to coordinate the disclosure of this vulnerability responsibly. ANTlabs is making a patch available today for its InnGate product. For more information about how to apply necessary protections, visit www.antlabs.com.

“Given that the ANTlabs’ product integrates with external systems, such as a hotel’s PMS, this vulnerability could be leveraged to gain deeper access into a hotel’s business network. This is similar to the Target breach where attackers were able to penetrate the organization’s internal network through a vulnerability in the heating and cooling system,” said Justin W. Clarke, senior security researcher on the Cylance SPEAR team. “As this vulnerability is so widespread, Cylance SPEAR quickly notified US-CERT to coordinate the vulnerability verification, patch development, and today's disclosure with the ANTlabs.”

This is not the first time Cylance researchers have seen activity of this nature, asthis vulnerability could allow a threat actor to carry out an attack similar to DarkHotel, a campaign discovered last November that infected Internet gateways at Asian Luxury hotels in order to compromise high-profile guests.  An attacker exploiting this new ANTlabs InnGate vulnerability could infect specific targets or anyone who connects via WiFi through it with malware, gain access to personal credentials stored on a user’s computer and gain full access to property management systems (PMS) that contain guest booking details and point of sale information.

The exploitation would only need a low level of sophistication and no authentication. The threat has been assigned a CVE-2015-0932 identifier and ranks the maximum score, 10.0, on the CVSS 2.0 scale.

This marks the first official announcement from Cylance’s new research team SPEAR (Sophisticated Penetration Exploitation and Research).  The SPEAR team’s work will be dedicated to cutting edge security research and improving the state of information security for users worldwide. The team is focused on detecting and stopping the execution of malware, APTs and advanced threats before they hit the system. SPEAR will perform research on vulnerabilities, threat actors, malware and tools needed to prevent attacks before they cause damage.

“Cylance SPEAR will dig into the hacker mindset to uncover emerging attack and defense methods,” said Ryan Permeh, co-founder and chief scientist at Cylance. “Our research will also help to advance the capabilities of Cylance’s core product, CylanceProtect, and support the company’s mission to abolish the need for traditional signature-based technologies that consistently miss advanced security threats.”

For more information about this vulnerability and to learn about future discoveries, please visit http://blog.cylance.com/.

 

About Cylance, Inc.

Cylance is the first company to apply artificial intelligence, algorithmic science and machine learning to cyber security and improve the way companies, governments and end users proactively solve the world’s most difficult security problems. Using a breakthrough predictive analysis process, Cylance quickly and accurately identifies what is safe and what is a threat, not just what is in a blacklist or whitelist. By coupling sophisticated math and machine learning with a unique understanding of a hacker’s mentality, Cylance provides the technology and services to be truly predictive and preventive against advanced threats. For more information, visit www.cylance.com.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
Oracle Product Rollout Underscores Need for Trust in the Cloud
Kelly Sheridan, Associate Editor, Dark Reading,  12/11/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.