Attacks/Breaches

3/26/2015
09:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Cylance Researchers Discover Critical Vulnerability Affecting Hotel Chains Worldwide

Millions of Customers Using Guest WiFi Potentially Impacted

IRVINE, Calif. March 26, 2015 – Cylance, the first predictive cyber threat security company that combines the power of math and machine learning to stop malware, today revealed that its security research team – dubbed Cylance SPEAR – discovered a critical vulnerability in ANTlabs' InnGate product that could allow an attacker to monitor or tamper with traffic to and from any hotel WiFi user's connection and potentially gain access to a hotel's property management system (PMS).

This vulnerability affects 277 hotels, convention centers and data centers across 29 countries. It has the potential to impact millions of customers ranging from everyday vacationers and data center IT staff to tradeshow attendees and high priority targets such as government officials, corporate executives and CSOs. 

Cylance has worked closely with the US-CERT and CERT/CC to coordinate the disclosure of this vulnerability responsibly. ANTlabs is making a patch available today for its InnGate product. For more information about how to apply necessary protections, visit www.antlabs.com.

“Given that the ANTlabs’ product integrates with external systems, such as a hotel’s PMS, this vulnerability could be leveraged to gain deeper access into a hotel’s business network. This is similar to the Target breach where attackers were able to penetrate the organization’s internal network through a vulnerability in the heating and cooling system,” said Justin W. Clarke, senior security researcher on the Cylance SPEAR team. “As this vulnerability is so widespread, Cylance SPEAR quickly notified US-CERT to coordinate the vulnerability verification, patch development, and today's disclosure with the ANTlabs.”

This is not the first time Cylance researchers have seen activity of this nature, asthis vulnerability could allow a threat actor to carry out an attack similar to DarkHotel, a campaign discovered last November that infected Internet gateways at Asian Luxury hotels in order to compromise high-profile guests.  An attacker exploiting this new ANTlabs InnGate vulnerability could infect specific targets or anyone who connects via WiFi through it with malware, gain access to personal credentials stored on a user’s computer and gain full access to property management systems (PMS) that contain guest booking details and point of sale information.

The exploitation would only need a low level of sophistication and no authentication. The threat has been assigned a CVE-2015-0932 identifier and ranks the maximum score, 10.0, on the CVSS 2.0 scale.

This marks the first official announcement from Cylance’s new research team SPEAR (Sophisticated Penetration Exploitation and Research).  The SPEAR team’s work will be dedicated to cutting edge security research and improving the state of information security for users worldwide. The team is focused on detecting and stopping the execution of malware, APTs and advanced threats before they hit the system. SPEAR will perform research on vulnerabilities, threat actors, malware and tools needed to prevent attacks before they cause damage.

“Cylance SPEAR will dig into the hacker mindset to uncover emerging attack and defense methods,” said Ryan Permeh, co-founder and chief scientist at Cylance. “Our research will also help to advance the capabilities of Cylance’s core product, CylanceProtect, and support the company’s mission to abolish the need for traditional signature-based technologies that consistently miss advanced security threats.”

For more information about this vulnerability and to learn about future discoveries, please visit http://blog.cylance.com/.

 

About Cylance, Inc.

Cylance is the first company to apply artificial intelligence, algorithmic science and machine learning to cyber security and improve the way companies, governments and end users proactively solve the world’s most difficult security problems. Using a breakthrough predictive analysis process, Cylance quickly and accurately identifies what is safe and what is a threat, not just what is in a blacklist or whitelist. By coupling sophisticated math and machine learning with a unique understanding of a hacker’s mentality, Cylance provides the technology and services to be truly predictive and preventive against advanced threats. For more information, visit www.cylance.com.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Are you sure this is how we get our data into the cloud?
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17368
PUBLISHED: 2018-09-23
An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks.
CVE-2018-17369
PUBLISHED: 2018-09-23
An issue was discovered in springboot_authority through 2017-03-06. There is stored XSS via the admin/role/edit roleKey, name, or description parameter.
CVE-2018-17400
PUBLISHED: 2018-09-23
The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by intercepting the user name and PIN during the initial configuration of the application.
CVE-2018-17401
PUBLISHED: 2018-09-23
The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by exploiting its Forgot Password feature.
CVE-2018-17402
PUBLISHED: 2018-09-23
The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number.