Dark Reading is part of the Informa Tech Division of Informa PLC


3/27/2015
04:25 PM

Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks

A flaw in a popular router product may have exposed millions of hotel guests, researchers from Cylance say.

News this week that guests at hotels around the world were exposed to malicious attacks from a gaping vulnerability in a popular network routing product is a reminder of the inherent risks business travelers face in connecting to the Internet from unfamiliar Wi-Fi access points.

Security researchers at the Sophisticated Penetration Exploitation and Research team at Cylance discovered a critical—and now patched—vulnerability in InnGate routers from ANTlabs, a Singapore-based company that supplies network equipment to hotels around the world.  InnGate routers are installed in hotels, convention centers, and in numerous places that offer public Wi-Fi access.

Cylance described the vulnerability it discovered as an authentication flaw that basically gave attackers full read and write access to the file system on certain models of the InnGate router. The access would have permitted attackers to take complete remote control of the device and use it to intercept or modify traffic flowing through the router.

Attackers would also have been able to use the flaw to gain access to devices on the affected hotel’s WiFi network and plant malware or steal data from them. In some cases, the InnGate device was even integrated with the hotel’s core property management system, putting critical guest booking, point-of-sale and customer data at risk of compromise.

Cylance researchers uncovered vulnerable routers at 277 hotels, convention centers, and data centers in 29 countries. In its alert, the company warned that millions of customers could potentially be exposed to malicious attacks from using vulnerable routers at locations that installed them. ANTlabs issued a patch for the flaw Thursday and said it was working with affected customers to ensure the patch was applied.

This is the second time in recent months that security researchers have warned of hotel WiFi networks being a potential vector of attack for cyber criminals. Last November, Kaspersky Labs sounded the alarm on DarkHotel, an advanced persistent threat campaign involving a group of cybercriminals that has been stealing data from high-value hotel guests by breaking into their systems via the WiFi system.

Like DarkHotel, the InnGate vulnerability would have also allowed attackers to target specific guests but with far less effort, Cylance said.

Incidents like this highlight the risks that business travelers face when they take the security of hotel WiFi networks and other public access points for granted, says Justin Clarke, a security researcher at Cylance. They underscore the fact that the devices, which people rely on to connect to the Internet, are not often vetted for security and therefore cannot be fully trusted, Clarke said. “It’s a reminder to continue thinking about what devices out there may not have been analyzed fully from a security standpoint,” and take the appropriate precautions.

For business travelers, and others, that means taking common sense precautions, like always using a VPN when accessing the corporate network, ensuring that malware protections are updated, and avoiding tasks that can wait till a trusted access point is available, he said.

Vulnerabilities like the one uncovered by Cylance also serve up some important lessons in configuring routers securely. Embedded web servers are often the source of many flaws, so it is a mistake to allow remote router management over the Internet, said Craig Young, security researcher at Tripwire.

Administrators that need remote access to a router’s web interface should instead consider configuring network address translation rules to allow external SSH or VPN access, Young said in an emailed statement responding to the Cylance disclosure.

Allowing default passwords and default IP ranges to remain on a router also makes it easier to attack, and so does failing to log out after configuring the router, he said. “Some attacks will only work when the victim’s browser is authenticated to the router or when the attacker knows the password,” he said.
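Young's advice on keeping the web interface off the Internet can be checked mechanically. The following is an added example, not code from the article or from anyone quoted in it: a Python check over a Linux-based router's `iptables-save` output that reports web-admin ports accepting new connections on the WAN interface. The port list, interface names and sample ruleset are assumptions constructed for illustration, and source-restricted or negated matches are not modeled.

```python
import shlex

WEB_ADMIN_PORTS = {80, 443, 8080, 8443}   # assumed web-UI ports
WATCHED = WEB_ADMIN_PORTS | {22}          # plus SSH, the assumed remote-admin path

# Constructed sample in iptables-save format; eth0 is the assumed WAN side.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p tcp -m multiport --dports 22,80,443 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 8443 -j DROP
-A INPUT -p tcp -m multiport --dports 8080:8443 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
COMMIT
"""

def rule_ports(t):
    """Watched ports a rule covers; a rule without --dport(s) covers all."""
    for flag in ("--dport", "--dports"):
        if flag in t:
            ports = set()
            for part in t[t.index(flag) + 1].split(","):
                lo, _, hi = part.partition(":")
                ports.update(range(int(lo), int(hi or lo) + 1))
            return ports & WATCHED
    return set(WATCHED)

def wan_verdicts(ruleset, wan_if):
    """First-match verdict per watched TCP port for new connections on wan_if."""
    verdict, policy = {}, "ACCEPT"
    for line in ruleset.splitlines():
        t = shlex.split(line)
        if line.startswith(":INPUT"):
            policy = t[1]                 # chain default, e.g. DROP
        if t[:2] != ["-A", "INPUT"] or "-j" not in t:
            continue
        if "-i" in t and t[t.index("-i") + 1] != wan_if:
            continue                      # bound to another interface
        if "-p" not in t or t[t.index("-p") + 1] != "tcp" or "-s" in t:
            continue                      # non-TCP or source-restricted: not modeled
        if "--ctstate" in t and "NEW" not in t[t.index("--ctstate") + 1]:
            continue                      # does not match new connections
        for port in rule_ports(t):
            verdict.setdefault(port, t[t.index("-j") + 1])
    return {p: verdict.get(p, policy) for p in WATCHED}

def exposed_web_admin(ruleset, wan_if):
    v = wan_verdicts(ruleset, wan_if)     # web-UI ports open to the WAN
    return sorted(p for p in WEB_ADMIN_PORTS if v[p] == "ACCEPT")
```

On the sample, the interface-less range rule leaves port 8080 reachable from the WAN even though 8443 was explicitly dropped, which is the kind of leftover exposure the check is meant to surface.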

The router vulnerability that Cylance discovered shows why people should be careful about using any available Internet connection, said Brad Cyprus, chief of security and compliance at Netsurion.

By emulating a legitimate Wi-Fi access portal, an attacker can effectively place himself between a user and the Internet, he said. “This means that everything you do while connected will be visible to the data thief, including any login information you use to access your bank or office, your credit cards entered in any website, or the contents of your e-mail.”

One way for a business traveler to avoid such issues is to use their smartphone as a tethered Internet device, Cyprus said. “Since you can set up this connection to use the cellular network and not the hotel Wi-Fi, your data is never available to the hacker who is staying at the hotel looking for victims.” 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...

Comments
otalliance,
User Rank: Strategist
3/30/2015 | 4:08:04 PM
Re: Personal Hotspot
Speaks to the importance of HSTS / HTTPS or AOSSL  https://otalliance.org/AOSSL
RyanSepe,
User Rank: Ninja
3/30/2015 | 12:36:03 PM
Personal Hotspot
Considering most hotel Wifi speeds are abysmal anyway, what about personal mobile hotspots from a security perspective? Granted your speeds would be less than the typical wifi but as stated before hotel wifi is not typical especially due to its over-utilization with mobile devices.

There are providers that offer unlimited data and if you are going to be a frequent traveler concerned about security then it might be beneficial to go down this route. Thoughts?