Vulnerability in Wi-Fi routers put guests and hotels at risk

Some Internet gateway devices commonly used by hotels and conference centers can easily be compromised by hackers, allowing them to launch a variety of attacks against guests accessing the Wi-Fi networks. The affected devices, designed to manage visitor-based networks, are manufactured by a company called ANTlabs and are used by both cheap and luxury hotels around the world, according to researchers from security firm Cylance.

The security hole involves an authentication vulnerability in the firmware of several models of InnGate routers made by ANTlabs, a Singapore firm whose products are installed in hotels in the US, Europe and elsewhere. The vulnerability gives attackers direct access to the root file system of the ANTlabs devices and would allow them to copy configuration and other files from the devices’ file system or, more significantly, write any other file to them, including ones that could be used to infect the computers of Wi-Fi users, reports Wired.

Of the 277 vulnerable devices accessible over the internet, the researchers found more than 100 of them were at locations in the US. But they also found 35 vulnerable systems in Singapore, 16 in the UK, and 11 in the United Arab Emirates. Devices behind a firewall, however, would still presumably be vulnerable to the same malicious activity by anyone who gets on the hotel’s network, reports PCWorld.

Virtual Event

HOTEL OPTIMIZATION PART 2 | SEPTEMBER 10 & 24, 2020

Survival in these times is highly dependent on a hotel's ability to quickly adapt and pivot their business to meet the current needs of travelers and the surrounding community. Join us for Optimization Part 2 – a FREE virtual event – as we bring together top players in the industry to discuss alternative uses when occupancy is down, ways to boost F&B revenue, how to help your staff adjust to new challenges and more, in a series of panels focused on how you can regain profitability during this crisis.


“Given that the ANTlabs’ product integrates with external systems, such as a hotel’s PMS, this vulnerability could be leveraged to gain deeper access into a hotel’s business network. This is similar to the Target breach where attackers were able to penetrate the organization’s internal network through a vulnerability in the heating and cooling system,” said Justin Clarke, senior security researcher on the Cylance SPEAR team. “As this vulnerability is so widespread, Cylance SPEAR quickly notified US-CERT to coordinate the vulnerability verification, patch development, and today's disclosure with the ANTlabs.”

This is not the first time Cylance researchers have seen activity of this nature, as this vulnerability could allow a threat actor to carry out an attack similar to DarkHotel, a campaign discovered last November that infected Internet gateways at Asian Luxury hotels in order to compromise high-profile guests, reports Dark Reading.  An attacker exploiting this new ANTlabs InnGate vulnerability could infect specific targets or anyone who connects via WiFi through it with malware, gain access to personal credentials stored on a user’s computer and gain full access to property management systems (PMS) that contain guest booking details and point of sale information.

“When an attacker gains full read and write access to a Linux file system, it’s trivial to then turn that into remote code execution,” Cylance researcher Brian Wallace said in a blog post. “The attacker could upload a backdoored version of nearly any executable on the system and then gain execution control, or simply add an additional user with root level access and a password known to the attacker. Once full file system access is obtained, the endpoint is at the mercy of the attacker.”

Suggested Articles

The hotel will implement a new, branded mobile app that delivers control to guests and GEMS, a back-office tool that streamlines operations.

The new features are meant to facilitate low-contact stays while also incorporating gamification into the guest experience.

Teams working remotely or apart can use group video and real-time collaboration for mobile and desktop.