"Security Flaws Found in a Popular Guest Wi-Fi System Used in Hundreds of Hotels"

A security researcher named Etizaz Mohsin discovered that the Airangel HSMX Gateway, used by hundreds of hotels to provide and manage guest Wi-Fi networks, contains security flaws, putting hotel guests' personal information at risk. According to Mohsin, the Internet gateway contains easily guessable hardcoded passwords that could allow an attacker to gain remote access to the gateway's settings and databases, which consists of records pertaining to the guests using the Wi-Fi. With this type of access, a malicious actor could steal guest records as well as change the gateway's networking settings to redirect unsuspecting guests to malicious websites. The security researcher found five vulnerabilities that could compromise the gateway, including information belonging to guests. He shared a screenshot with TechCrunch that shows the administration interface of one hotel's vulnerable gateway exposing a guest's name, room number, and email address. Mohsin reported the flaws to Airangel, but the UK-based networking gear maker still has not fixed them as the company said the device has not been sold since 2018 and was no longer supported. However, the device is still used by many hotels, malls, and convention centers globally. Internet scans found that there are over 600 gateways accessible from the Internet alone. The actual number of vulnerable devices is likely higher. Most of the hotels affected by the security flaws are located in Germany, Russia, the UK, and across the Middle East. This article continues to discuss the discovery, potential exploitation, and impact of the security flaws found in the widely used guest Wi-Fi system. 

TechCrunch reports "Security Flaws Found in a Popular Guest Wi-Fi System Used in Hundreds of Hotels"