A vulnerability in the Wi-Fi routers used in hundreds of hotels across the world has been uncovered by security researchers, Wired reports.
Researchers from Cylance uncovered the flaw in various models of InnGate hotel routers, manufactured by ANTlabs. The weakness could give attackers access to the hotel routers' root file system, meaning they can either copy files from the system, or write their own. The latter could allow malicious types to infect devices connected to the hotel Wi-Fi.
Network World reports that 277 InnGate routers in 29 countries are affected by the vulnerability, but declined to say which hotels were using each device, noting this would be an irresponsible move while the patch issued by ANTLabs has not necessarily been applied. Researchers did say that over 100 of these were located within the United States, however.
"Take it from us that this issue affects hotels brands all up and down the spectrum of cost, from places we've never heard of to places that cost more per night than most apartments cost to rent for a month," the researchers said.
The number could be higher, Wired notes, as the 277 figure comes only from those hotel routers accessible over the internet. Anyone with access to the hotel Wi-Fi directly might be able to bypass firewalls that prevented remote hacks.
In some cases the router can be linked directly into a hotel's Property Management System, meaning a hacker could potentially control everything from billing and room keys to the in-room temperature.
"In a worst-case scenario, a hacker could seize control of the vulnerable router, hop into the PMS, copy all available credit cards and their owner’s details, and perhaps for mirth change the locks on a few doors – rendering the plastic keycards useless – and dialing the temperature up to 105 degrees in victim rooms," claims Yahoo News
While there's nothing that can be done about the security of hotel routers (other than avoiding using Wi-Fi), your own router can certainly be made a bit more secure. The video below has some helpful pointers to get started.