Hotel Wi-Fi Security Flaws Discovered

Hotel Guest Wi-Fi Networks Face Security Risks
A security vulnerability has been identified in an internet gateway that numerous hotels use to provide and manage guest Wi-Fi access. The flaw puts the personal data of hotel guests at risk.
Hardcoded Passwords and Potential Access
Etizaz Mohsin, a security researcher, informed TechCrunch that the Airangel HSMX Gateway incorporates hardcoded passwords that are remarkably simple to decipher. Successful exploitation of these passwords would grant an attacker remote control over the gateway's configurations and databases.
These databases hold records of guests who use the Wi-Fi network. An attacker with that access could steal guest information or change network settings.
Discovery of Exposed Data
In 2018, Mohsin first discovered a gateway on a hotel's network during his own stay there. He found that the gateway was synchronizing files from an external server.
This server contained numerous backup files from high-end hotels globally, along with “millions” of guest records including names, email addresses, and check-in/check-out dates.
Further Vulnerabilities Identified
Following the initial discovery, Mohsin investigated whether additional vulnerabilities existed within the gateway, potentially impacting a wider range of hotels.
His research revealed five distinct vulnerabilities capable of compromising the gateway and, consequently, guest information. A screenshot shared with TechCrunch displayed a hotel gateway’s administration interface revealing guest names, room numbers, and email addresses.
Lack of Patch and Widespread Use
Mohsin promptly reported these vulnerabilities to Airangel. Months later, the U.K.-based networking company has not released any patches to address them.
Airangel stated that sales of the device ceased in 2018 and it is no longer supported. Despite this, Mohsin asserts the gateway remains in widespread use across hotels, shopping centers, and convention facilities worldwide.
Significant Number of Vulnerable Devices
Internet scans indicate that over 600 gateways are currently accessible via the internet. The actual number of vulnerable devices is likely considerably higher.
The majority of affected hotels are located in the U.K., Germany, Russia, and throughout the Middle East.
Potential Impact of Exploitation
“Considering the extent of access these vulnerabilities provide to attackers, the potential for malicious activity appears limitless,” Mohsin explained to TechCrunch.
Mohsin presented his findings at the @Hack conference in Saudi Arabia last month. Airangel has not yet provided a response to requests for comment.
Further Reading
- Marriott reported a data breach impacting 5.2 million guest records.
- A breach at Hyatt exposed customer payment data across 41 hotels.
- A security lapse at Aavgo resulted in the exposure of hotel bookings.
