Almost All of the World's Top Hotel Chains Use Easily Hackable Hardware

Illustration for article titled Almost All of the Worlds Top Hotel Chains Use Easily Hackable Hardware

Hotel internet is so far from secure—it's downright scary. You should know this by now. However, a new report from cyber security researchers suggests that issues with shitty security at hotels extend far beyond hackable Wi-Fi networks. Entire systems at some of the world's top hotel chains are very, very vulnerable.

Justin Clarke, a researcher for the security firm Cylance, recently discovered a major problem with InnGate routers—by accident. Built by AntLabs, these widely-used pieces of network hardware are used to power visitor-based networks used in hotels as well as convention centers. They're also connected to hotel property management systems, the sensitive software that powers everything from reservations to phone systems to credit card transactions. Using a simple command, Clarke was able not only to see the file directory for InnGate routers plugged into hotel networks but also write to the hotel file system. That means he could easily upload malware to guests' computers, intercept payment information, and possibly access the hotel's reservations system.

Illustration for article titled Almost All of the Worlds Top Hotel Chains Use Easily Hackable Hardware

This is unsettling. The Cylance team eventually discovered that eight out of the top 10 hotel chains in the world are using InnGate routers. If you stay at, say, a Marriott, Hilton, or Starwood hotel, there's a good chance your computer's vulnerable. The map above shows the locations of the 100+ easily hackable systems.

Of course, after the security researchers' report, we can only hope that AntLabs will fix the vulnerability. Then we'll be back to worrying about all of the other scary hotel hacks out there in the wild.

[Cylance via Wired]

Image via Shutterstock

Contact the author at
Public PGP key
PGP fingerprint: 91CF B387 7B38 148C DDD6 38D2 6CBC 1E46 1DBF 22


Share This Story

Get our newsletter


Yet more proof that hotels need to use an Identity/Policy based security engine with some actual layer 2/VLAN segregation on the back end. I've been saying this for years.