Security Flaws Found in a Popular Guest Wi-Fi System Used in Hundreds of Hotels

A security researcher says an internet gateway used by hundreds of hotels to offer and manage their guest Wi-Fi networks has vulnerabilities that could put the personal information of their guests at risk. From a report: Etizaz Mohsin told TechCrunch that the Airangel HSMX Gateway contains hardcoded passwords that are 'extremely easy to guess.' With those passwords, which we are not publishing, an attacker could remotely gain access to the gateway's settings and databases, which store records about the guest's using the Wi-Fi. With that access, an attacker could access and exfiltrate guest records, or reconfigure the gateway's networking settings to unwittingly redirect guests to malicious webpages, he said. Back in 2018, Mohsin discovered one of these gateways on the network of a hotel where he was staying. He found that the gateway was synchronizing files from another server across the internet, which Mohsin said contained hundreds of gateway backup files from some of the most prestigious and expensive hotels in the world. The server also stored 'millions' of guest names, email addresses and arrival and departure dates, he said. Mohsin reported the bug and the server was secured, but that sparked a thought: Could this one gateway have other vulnerabilities that could put hundreds of other hotels at risk? In the end, the security researcher found five vulnerabilities that he said could compromise the gateway -- including guests' information.

Read more of this story at Slashdot.