Security flaws found in a popular guest Wi-Fi system used in hundreds of hotels

Published by
Peter Kavinsky

A security researcher says an internet gateway, used by hundreds of hotels to offer and manage their guest Wi-Fi networks, has vulnerabilities that could put the personal information of their guests at risk.

Etizaz Mohsin told TechCrunch that the Airangel HSMX Gateway contains hardcoded passwords that are “extremely easy to guess.” With those passwords, which we are not publishing, an attacker could remotely gain access to the gateway’s settings and databases, which stores records about the guest’s using the Wi-Fi. With that access, an attacker could access and exfiltrate guest records, or reconfigure the gateway’s networking settings to unwittingly redirect guests to malicious webpages, he said.

Back in 2018, Mohsin discovered one of these gateways on the network of a hotel he was staying at. He found that the gateway was synchronizing files from another server across the internet, which Mohsin said contained hundreds of gateway backup files from some of the most prestigious and expensive hotels in the world. The server also stored “millions” of guest names, email addresses, and arrival and departure dates, he said.

Mohsin reported the bug and the server was secured, but that sparked a thought: Could this one gateway have other vulnerabilities that could put hundreds of other hotels at risk?

In the end, the security researcher found five vulnerabilities that he said could compromise the gateway — including guests’ information. One screenshot he shared with TechCrunch showed the administration interface of one hotel’s vulnerable gateway revealing the guest’s name, room number, and email address.

Mohsin reported the newly discovered cache of flaws to Airangel, but months passed and the U.K.-based networking gear maker still has not fixed the bugs. A representative told Mohsin that the company hasn’t sold the device since 2018 and was no longer supported.

But Mohsin said the device is still widely used by hotels, malls, and convention centers around the world. Internet scans show over 600 gateways are accessible from the internet alone, though the true number of vulnerable devices is likely to be higher. Most of the affected hotels are in the U.K., Germany, Russia, and across the Middle East, he said.

“Given the level of access that this chain of vulnerabilities offers to attackers, there is seemingly no limit to what they could do,” Mohsin told TechCrunch.

Mohsin presented his findings at the @Hack conference in Saudi Arabia last month. Airangel did not respond to a request for comment.

Read more:

Source: Tech

Peter Kavinsky

Peter Kavinsky is the Executive Editor at cablefreetv.org

Share
Published by
Peter Kavinsky

Recent Posts

  • News

Air passengers are losing patience with law enforcement due to backlog of complaints

Canadians whose travel plans have been derailed by flight delays or cancellations say they are…

20 seconds ago
  • News

Three ambulances arrived from Kazakhstan for doctors in eastern and southern Ukraine

Three ambulances arrived in Ukraine for doctors in the east and south of the country,…

2 mins ago
  • News

Xavi removes Dest, Umtiti and Braithwaite from list | Sports

Barcelona head coach Javi Hernandez ruled out defenders Serginho Dest and Samuel Umtiti and striker…

8 mins ago
  • News

On Friday at the festival near Valencia, he broke down hundreds of pdia, one fighter died St

<!----> High winds damaged and damaged buildings and equipment during the second electronic music festival,…

9 mins ago
  • News

World shocked by attack on Salman Rushdie | News from Germany on world events | DW

After a brutal attack in upstate New York famous British writer Salman Rushdie is in…

10 mins ago
  • News

Take a look at its price and what it is available at & More News

August 13, 2022 Gabe Rodriguez Morrison Tesla Insurance is a competitively priced insurance product that…

13 mins ago