Following Kaspersky Labs’ identification of a unit issuing attacks on distinct high-end hotel guests in Asia and the US, ANTLabs, a technology company based in Singapore, has recently uncovered that a number of their InnGate routers apparently possess a firmware authentication flaw.
This means that their highly-regarded and widely-accepted InnGate routers now pose an imminent opportunity for a hacker to inject malware in a user’s computer device. So while one is relaxing in a hotel, a simple task like logging in on a laptop could mean that data sent over the network could possibly be monitored and used for hacking.
On a similar note, Cylance, a security firm, who discovered this security flaw said that at least eight out of ten hotel chains worldwide are believed to carry this vulnerability for simply using InnGate routers such as the IG 3100 or InnGate three series.
This vulnerability allows for complete compromise of the vulnerable system, but if there are only two running in the world, it’s not really a big deal. In order to test this, we fired up the IPv4 scanning tools Brian uses to hunt for botnet panels. After scanning all public addresses on IPv4 for vulnerable devices, we identified 277 devices which could be directly exploited from the Internet.
As such, tourists are now regarded as possible targets of hacking by the mere presence of routers in hotels. Since then and thereafter CERT Coordination Center team’s official disclosure about the flaw, ANTlabs has already uploaded a computer software update in their website.
In a connectivity-driven society, complimentary wi-fi is commonly marketed by top hotels and even smaller ones to attract guests. Consumers are therefore urged to ensure devices are protected by installing antivirus package.