Security flaws found in a popular guest Wi-Fi system used in hundreds of hotels
A security researcher says an internet gateway, used by hundreds of hotels to offer and manage their guest Wi-Fi networks, has vulnerabilities that could put the personal information of their guests at risk.
Etizaz Mohsin told TechCrunch that the Airangel HSMX Gateway contains hardcoded passwords that are “extremely easy to guess.” With those passwords, which we are not publishing, an attacker could remotely gain access to the gateway’s settings and databases, which stores records about the guest’s using the Wi-Fi. With that access, an attacker could access and exfiltrate guest records, or reconfigure the gateway’s networking settings to unwittingly redirect guests to malicious webpages, he said.
Back in 2018, Mohsin discovered one of these gateways on the network of a hotel he was staying at. He found that the gateway was synchronizing files from another server across the internet, which…