Hotel Router Vulnerability Patched

Tuesday, March 31, 2015 @ 11:03 AM gHale

For those traveling around the world going from one facility to the next remember a key security concept is hotel connections are usually not the most secure.

That thought comes to mind after an authentication vulnerability in the firmware of several models of InnGate routers made by ANTlabs could be putting hundreds of hotel guests’ data at risk.

Router Flaw Allows Loss of Control
Trojan Delivered in Fake Software Update
Huge Botnet Disabled
Malware Couples with Backdoor Trojan

The flaw could allow an attacker to distribute malware to guests, monitor and record data sent over the network and possibly gain access to the hotel’s reservation and keycard systems, according to a published report.

If exploited, attackers could gain direct access to the root file system of the device. At this point, they could write files to the routers or copy configuration and other files from the system.

ANTlabs issued a patch for the vulnerability on Thursday, according to a company blog post. Router owners under a valid support contract can get the patch from the company’s online patching store. Those without a valid contract will need to apply the patches manually.

Cylance researchers found 277 vulnerable devices in 29 countries, although they said others could exist. More than 100 devices were in the U.S. Sixteen were found in the UK.

Although most InnGate routers were in hotels, others are in convention centers, as well.

Leave a Reply

You must be logged in to post a comment.