A security researcher says the Wi-Fi Internet gateways used by hundreds or thousands of hotels have serious vulnerabilities that put guests' personal information at risk. Etizaz Mohsin notes that the Airangel HSMX gateway contains hard-coded passwords that are "extremely easy to guess." Using these undisclosed credentials, an attacker could remotely access the gateway's settings and databases, ultimately reaching information such as the database that stores records of customer Wi-Fi usage.

Customer story (from Airangel's official website)
In this way, an attacker could steal visitor records, or reconfigure the gateway's network settings to redirect victims to a malicious web page without their knowledge.
In fact, back in 2018, Etizaz Mohsin discovered a gateway behaving unusually on the network of a hotel where he was staying: it was synchronizing files from another server on the Internet.
Mohsin notes that the server contained hundreds of gateway backup files from some of the world's most prestigious and expensive hotels, and that "millions" of pieces of private information, such as customer names, email addresses, and check-in/check-out dates, were collected and stored on remote servers.
After the vulnerabilities were reported and the servers secured, Mohsin began to ponder another question: did these gateways contain vulnerabilities that could expose hundreds of other hotels to the same risk? Ultimately, the security researcher discovered five vulnerabilities that could compromise the gateway, including customer information.
Mohsin shared a screenshot with foreign media showing the gateway management interface of a vulnerable hotel with a list of customers' names, room numbers, and email addresses.
(Figure via Brainworks.de)
Remarkably, although the newly discovered vulnerabilities were reported to Airangel a few months ago, the UK-based network equipment maker has been slow to fix them.
One of the company's sales representatives replied that Airangel has not sold these devices since 2018 and no longer supports them. The reality, however, is that these legacy devices are still widely used in hotels, malls and convention centers around the world.
Even a simple Internet scan can discover 600+ Airangel gateways at risk of exposure (the actual number of devices may be higher), and most of the affected hotels are located in the UK, Germany, Russia and the Middle East.