Hotel Wi-Fi not only hideously expensive – it's horribly insecure
Wide-open rsync blunder leaves popular gateways vulnerable to hijacking
Travelers are used to getting screwed over by hotel internet access.
But it's not just the eye-watering Wi-Fi prices guests should be worried about.
A major security flaw in a network gateway popular among hoteliers can be exploited by hackers to launch attacks against guests by injecting malware into their downloads over unencrypted connections. Compromised gateways can also be used to infiltrate sensitive areas of a hotel's network, such as its reservation systems, it's claimed.
The vulnerability was discovered by researchers at security firm Cylance, and is present in ANTLabs InnGate devices – which are used by many hotels and conference venues to manage and sell access to the internet.
A completely unsecured rsync service, running on port 873, in the gateway's firmware allows miscreants to get full unauthorized read-write access to the device's GNU/Linux file system, and execute arbitrary code remotely.
"An attacker exploiting the vulnerability in CVE-2015-0932 would have the access to launch attacks against guests on the affected hotel's Wi-Fi," Cylance's advisory states.
"Targets could be infected with malware using any method from modifying files being downloaded by the victim or by directly launching attacks against the now accessible systems. Given the level of access that this vulnerability offers to attackers, there is seemingly no limit to what they could do."
Hotels seem to be a popular target for hackers: last year, Kaspersky Lab discovered a family of malware, dubbed DarkHotel, developed specifically for the hotel market.
But it's not just guests who are vulnerable to having their data sniffed, or having malware installed on their computers, phones or fondleslabs. The Cylance researchers said that in some cases the InnGate devices store login details for hotels' property management systems.
These systems can run the hotel's booking computers, financial information servers, payroll records, and the back-office computers needed to run a modern establishment. In a few cases, access to these management systems could also allow the attacker to investigate other networks in the same hotel chain.
The security firm reported the vulnerability to US-CERT on February 12, and a patch was issued by ANTLabs on Thursday. However, IT departments are often slow to install fixes, so it may be an idea to use your own hotspot where possible, now hotels have to let you do so. ®