Friday 27 March 2015

Serious Leak In Wi-Fi Networks Detected And Patched Hotels


A researcher has discovered a serious vulnerability in the Wi-Fi networks of hundreds of hotels allow an attacker the wifi gateway can completely take over and use to infect visitors with malware or attack the systems of the hotel. The vulnerability is in the ANTLabs InnGate, a popular Internet gateway for hotels, conference centers and other places that offer temporary wifi access.

A vulnerability allows the equipment ensure that a remote attacker full read and write access to the file system can get. This is easily done via rsync daemon that runs on TCP port 873 and no credentials required. Once an attacker connects to the rsync daemon, normally for synchronizing files and creating backups is used, it unlimited files on the file system read and write.

Thus, it is possible to upload a gebackdoorde version of each file or add a user with root privileges. The severity of the leak is increased because it is very easy to attack. Execute any Linux or Unix system with the rsync command can attack namely.Something as researcher Brian Wallace , who discovered the problem through a few keystrokes to do.
Attacks

Once an attacker has taken over the wifi gateway can he attack other users. In the past, there are targeted attacks discovered that users of Wi-Fi networks were notified that they had to update Flash Player instance. It then went to malware via the wifi gateway by the attackers was offered. Also, an attacker can modify files that users of the Wi-Fi network to download and replaced by malware.

It is also easy to intercept unencrypted communications from users. In addition, it was found that the WiFi gateways in some cases in Property Management Systems (PMS) were integrated. These systems are currently being used for hotel reservations, customer data, payroll and many more things. In addition, a PMS for and used by multiple locations. By integrating an attacker can attack the PMS itself. Through the PMS would then be possible to attack other hotel locations.

Wallace performed a scan on the Internet and discovered 277 vulnerable devices in 29 countries, including the Netherlands. ANTLabs yesterday released an update for the vulnerability. However, it is not known if that is installed already by all vulnerable hotels. System administrators can also prevent abuse of the vulnerability by blocking Internet access to the Rsync process

No comments:

Post a Comment