Thursday, 2 April 2015

Hotel Wi-Fi Insecurity: Yet Another Argument in Support of VPNs

Last week, cybersecurity company Cylance revealed CVE-2015-0932, a crippling vulnerability in the Wi-Fi networks of 277 hotels and conference centers worldwide. InnGate, an ANTlabs corporate guest/visitor network device, was found to allow unauthenticated users to read and rewrite system files.

In the words of Cylance Senior Security Researcher Justin W.Clarke, “This vulnerability would provide an attacker the ability to use this InnGate device for anything they want.”

Hackers could infect hotel guests’ computers with malware and read all of their plaintext communication; an industrious hacker could access encrypted communication by exploiting OpenSSL vulnerabilities. 

To exacerbate the threat, several of the compromised hotels had linked their InnGate devices with their Property Management Systems (PMS), giving hackers access to just about everything, including guest reservations, points of sale, HR and payroll, and sales and marketing. WIRED highlighted the severity of this situation by reminding readers that the 2011 assassination of a Hamas official was successful because of a reprogrammed electronic hotel room lock. 

What is most noteworthy, however, is that no one is looking to blame the hotels, ANTlabs, or even hackers for this vulnerability. The hotels—though displayed on a map and said to run the cost gamut—remain anonymous; CVE-2015-0932 itself was discovered in February, but not made public until hotels were informed and a corrective firmware update could be released. Rather than question ANTlabs' credibility, Cylance applauded the vendor's rapid response to CVE-2015-0932. The vulnerability was old news before it could even be news.

CVE-2015-0932 is already a thing of the past and, as such, lives on merely as a reminder. We expect to have access to public Wi-Fi everywhere we go; when we choose to use it carelessly, we cannot blame the hardware, the provider, or the hacker who stole our credit card information. We can only blame ourselves.

We live in a world in which neither government nor business will guarantee internet privacy. According to Business Insider, security experts like Clarke turn to VPN services when on public Wi-Fi. Take matters into your own hands and do the same.

No comments:

Post a Comment