Hotel internet is so far from secure — it’s downright scary. You should know this by now. However, a new report from cyber security researchers suggests that issues with shitty security at hotels extend far beyond hackable Wi-Fi networks. Entire systems at some of the world’s top hotel chains are very, very vulnerable.
Justin Clarke, a researcher for the security firm Cylance, recently discovered a major problem with InnGate routers — by accident. Built by AntLabs, these widely-used pieces of network hardware are used to power visitor-based networks used in hotels as well as convention centres. They’re also connected to hotel property management systems, the sensitive software that powers everything from reservations to phone systems to credit card transactions. Using a simple command, Clarke was able not only to see the file directory for InnGate routers plugged into hotel networks but also write to the hotel file system. That means he could easily upload malware to guests’ computers, intercept payment information, and possibly access the hotel’s reservations system.
This is unsettling. The Cylance team eventually discovered that eight out of the top 10 hotel chains in the world are using InnGate routers. If you stay at, say, a Marriott, Hilton, or Starwood hotel, there’s a good chance your computer’s vulnerable. The map above shows the locations of the 100+ easily hackable systems.
Of course, after the security researchers’ report, we can only hope that AntLabs will fix the vulnerability. Then we’ll be back to worrying about all of the other scary hotel hacks out there in the wild.