Malls, hotels, convention centers at risk
In total, the researcher found five vulnerabilities he believes could compromise the gateway and put users and their endpoints at risk. Reaching out to Airangel for comment, the company allegedly told Mohsin the device was discontinued in 2018 and is no longer supported – meaning the bugs still haven`t been fixed. According to Mohsin, the device is still “widely used” in hotels, shopping malls and convention centers around the world, with web scans showing at least 600 accessible devices.
An internet gateway that many hotels use to provide their guests with Wi-Fi connectivity is flawed to the point where a malicious actor could exfiltrate sensitive and personally identifiable data on them, researchers have claimed. Etizaz Mohsin discovered that the gateway, called Airangel HSMX Gateway, contains hardcoded passwords that were “extremely easy to guess”. With these passwords, a malicious actor could access the gateway`s database with all the data on the people using the network, including the guest`s name, room number, and email address and possibly also be able to redirect users to other websites.
Highlights
-
Pay for Services, Use Social Media Accounts, or Access Business Email. To stay safe while browsing, we recommend that users use a virtual private network (VPN). This is to hide the user’s girlfriend’s IP address and encrypt the connection, making online actions essentially untraceable and more secure.
-
The final figure could be even higher, as the majority of the hotels at risk are in the UK, Germany, Russia and the Middle East. “Given the level of access that this suite of vulnerabilities provides an attacker, there seems to be no limit to what an attacker can do,” he said. Public WiFi networks in hotels, coffee shops, libraries, airports, etc. are generally considered a security risk. Cybersecurity researchers have warned for years that we should refrain from certain things while connected to these networks.