Big Vulnerability In Hotel Wi-Fi Router Puts Guests At Risk

An anonymous reader writes Guests at hundreds of hotels around the world are susceptible to serious hacks because of routers that many hotel chains depend on for their Wi-Fi networks. Researchers have discovered a vulnerability in the systems, which would allow an attacker to distribute malware to guests, monitor and record data sent over the network, and even possibly gain access to the hotel's reservation and keycard systems. The vulnerability, which was discovered by Justin W. Clarke of the security firm Cylance, gives attackers read-write access to the root file system of the ANTlabs devices. The discovery of the vulnerable systems was particularly interesting to them in light of an active hotel hacking campaign uncovered last year by researchers at Kaspersky Lab. In that campaign, which Kaspersky dubbed DarkHotel.

Cookie authenticated or open WiFi is insecure?

[jafiwam]

Isn't it sort of obvious that hotel networks are a free-for-all security wise?

Use a VPN and SSL.

Re:Cookie authenticated or open WiFi is insecure?

[CaptSisko]

An encrypted VPN might not help you in this case. Most hotel WiFi setups require you to go through a landing page first (captive portal), before internet access is released. This would still expose you to the same vulnerabilities.

Re:Cookie authenticated or open WiFi is insecure?

[Shoten]

Isn't it sort of obvious that hotel networks are a free-for-all security wise?

Use a VPN and SSL.

RTFA; that won't help.

The problem is that before you can connect out to use your VPN, you first have to get provisioned by the hotel's wifi. This involves at a minimum checking a box that says "I won't try to hack or do bad things," along with either authorizing a charge, giving the webpage your hotel frequent traveler info/name and room number, or authorizing a charge for the Internet access. Those pages are what put you at risk; the attacker hacks the router that serves up the page, adds a nice little bit of extra code to serve up malware (that he also uploads to the router itself, so no need for outside Internet to get it), and boom...everyone with a vulnerable system that connects in that hotel gets pwned.

And that's beyond the risk of the machine serving as a jump-point for deeper penetration into the hotel itself. How is your using a VPN going to protect the hotel's keycard system from being hacked? Or protect your private information that resides in the reservation system?

Re:Cookie authenticated or open WiFi is insecure?

[parkinglot777]

Isn't it sort of obvious that hotel networks are a free-for-all security wise?

Of course, it is obvious. If we ponder a little bit further, we would know that the main purpose of hotel is for temporarly stay, not Internet services. So can't expect the latter service quality to be secured. ;)

Tom Bodette will leave the wifi on for you

[rmdingler]

I just assume that, with free wifi, I'm getting precisely what I'm paying for.

Re:Tom Bodette will leave the wifi on for you

[Errol+backfiring]

I think you do pay for the wifi. In hotels, it is usually not "free wifi" but "wifi included in the package". If you only visit the hotel without renting a room it may still be open, but it is meant for the paying guests.

And?

[ledow]

Hotel wireless is already a risk anyway.

Let's assume the wireless is open. Then anyone and everyone in an adjoining room can sniff everything you do over it anyway.

Let's assume that you are given the key to join the network. Anyone else who has the same key - same thing. AP isolation doesn't save you against someone recording your traffic and having access to the key used to encrypt it.

Wireless is UNTRUSTED. Even wired is UNTRUSTED. You do not know who's pushing that Facebook DNS entry to you, nor that the Facebook TLS is properly signed if you can't rely on the DNS entry.

When you're not using your own networks, use a VPN. That way you don't even have to care if someone bothered to put even WEP on the connection - the VPN gives you the security for your data. However, be sure that if you're doing this, you have a firewall (you are STUPID if you don't) as anything else can send you traffic in these instances too, no encryption, WEP, WPA, WPA2, it doesn't matter.

Every time someone says "join my wireless", replace it mentally with "just plug this cable that connects to all my local machines and also every guest that's ever had the same offer, into your laptop".

Firewall it. VPN it. Then you don't even need to care that it's an open network. And, shockingly, the same config will work with cabled networks.

And if it doesn't work? You don't want to use that connection. Any hotel that breaks your VPN is one that's almost certainly providing some poor replacement for it.

Re:And?

[BitZtream]

nor that the Facebook TLS is properly signed if you can't rely on the DNS entry.

TLS doesn't depend on DNS working properly and not being corrupted. Its job, is in fact, to alert you of the fact that things like DNS corruption are taking place, or that someone is intercepting your traffic.

I just skip the "free" wifi

[sjbe]

There is a reason why I generally use LTE through my phone instead of "free" wifi when traveling. Not only is the LTE usually faster and less geographically constrained, but I don't have nearly as many security or connectivity problems 99% of the time. I've been behind the scenes at some restaurants and hotels and the "security" setup pretty much convinced me that free wifi is generally not worth the risk if you have a viable alternative. I assure you that many hotels and probably most restaurants do not have a crack IT staff maintaining their system. It's about as basic and insecure as you can possibly imagine. I've even had to point out to a franchised restaurant that they had the free wifi on the same subnet as their internal computers with zero protection of any kind.