Hotel WiFi? Just Say No! Why Paying For Your Own WiFi Hotspot Makes Sense

Security researchers at the firm Cylance have found a vulnerability in several models of InnGate routers made by ANTlabs of Singapore.  These vulnerable devices are installed in eight of the top ten hotels in the US.

The vulnerability allows a hostile actor to compromise the router and even send files to connected users and compromise connected devices.  The Cylance team was also able to find almost 300 of the vulnerable devices directly connected and searchable on the internet.  During research for this article Protocol46 was able find several hundred more vulnerable devices directly connected to the internet.  This is a concern because a vulnerable device that is directly connected to the internet is able to be attacked by any hostile actor with no security to stop them.

The ANTLabs devices are found in more than just hotels.  They are also in convention centers, malls, and used by companies for guest internet access.  The Cylance team points out that these vulnerable routers are often connected to the hotel’s Property Management System (PMS) which makes information on the guests staying at the hotel vulnerable.  PMS systems are often connected to point of sale, and the key card system as well making the vulnerability in the router a big security risk for the companies that have emplaced them.

Last year Kaspersky released information on malware called DarkHotel.  DarkHotel sent a pop up to update Adobe Flash to users when they connected to the hotel internet.  The Adobe Flash update was malicious code that compromised the users device.  It is not clear if the hostile actors used this vulnerability to conduct the DarkHotel attacks, however, this is exactly what this vulnerability is capable of doing to users.

DHS/CERT has released an Vulnerability Note VU#930956 for this discovery.https://www.kb.cert.org/vuls/id/930956

Protocol46 recommends paying for your own WiFi hotspot from your cellular carrier.  The risk of free WiFi is very high.  Having your own WiFi hotspot doesn’t remove all security risks and does need to be configured properly to keep you safe.  A properly configured personal WiFi hotspot will greatly improve your security while on the road.

Post by Remote Process