Severe hotel Wi-Fi network vulnerability patched

A zero-day vulnerability affecting popular hotel Internet gateways has been discovered and closed.


A zero-day vulnerability in hotel Wi-Fi networks has been patched, no longer placing customers at risk.

Developed by ANTLabs, the InnGate service range provides visitor-based Wi-Fi networks to businesses such as hotels as well as for use at conferences. InnGate, a popular method of offering Wi-Fi in hotels, gives businesses the option to bill customers based on temporary web access duration, create prepaid plans and perform check-out procedures.

A vulnerability within the InnGate product line was discovered by Cylance and revealed in a security advisory on Thursday. Classified as CVE-2015-0932, the vulnerability was caused by an incorrect rsync configuration in the firmware of certain InnGate HSIA models, which allowed external systems to obtain unrestricted read and write file access. In turn, an unauthenticated user could gain full access to hotel Wi-Fi systems.

Cylance security expert Brian Wallace said:

"When an attacker gains full read and write access to a Linux file system, it's trivial to then turn that into remote code execution. The attacker could upload a backdoored version of nearly any executable on the system and then gain execution control, or simply add an additional user with root level access and a password known to the attacker. Once full file system access is obtained, the endpoint is at the mercy of the attacker."

Cylance says that 277 devices in 29 countries -- including the US, Cuba, Australia and Italy -- were vulnerable to exploit. A number of unnamed "affluent" hotels are among those affected by the security problem.

Read this

Top tips on hack-proofing your life

From drug cartels to passwords, security expert Brian Krebs weighs in on how to keep your personal data and bank account safe.

Read More

In a blog post, ANTLabs confirmed the existence of the vulnerability, which affects InnGate HSIA gateway products. The products affected are:

  • IG 3100 model 3100, model 3101
  • InnGate 3.00 E-Series, 3.01 E-Series, 3.02 E-Series, 3.10 E-Series
  • InnGate 3.01 G-Series, 3.10 G-Series

A patch was issued on March 26 and is available online to hoteliers under valid support contracts. If companies no longer have a support contract in place, the patch can still be applied but must be found and downloaded manually.

Hotel networks remain a popular attraction for cyberattackers looking to steal valuable data and infect victims with malware due to the quick succession of victims connecting to Wi-Fi networks offered at hotels. Last year, an advanced persistent threat (APT) campaign dubbed DarkHotel was unveiled by Kaspersky Labs. The cybercrime campaign, designed to trap unwary business travelers in Asia, used malware lurking on hotel networks to trick them into downloading and installing backdoors disguised as 'welcome' packages. The victim's PC was then infected with spyware.

"While the DarkHotel campaign was clearly carried out by an advanced threat actor with a large number of resources, CVE-2015-0932 is a very simple vulnerability with devastating impact," Wallace said. "The severity of this issue is escalated by how little sophistication is required for an attacker to exploit it."

Read on: In the world of security

Read on: Fixes and Flaws