A security researcher says the internet portal, which hundreds of hotels use to deliver and manage Wi-Fi networks for guests, has vulnerabilities that could put their guests’ personal information at risk.
Ataz Muhsin told TechCrunch that the Airangel HSMX portal contains encrypted passwords that are “very easy to guess”. With these passwords, which we do not publish, the attacker can remotely access the gateway settings and databases, which store guest logs using Wi-Fi. With this access, he said, an attacker could access and infiltrate guest records, or reconfigure the gateway’s network settings to inadvertently redirect guests to malicious web pages.
In 2018, Mohsen discovered one of these portals on the network of a hotel he was staying in. He found that the portal was syncing files from another server over the Internet, which Mohsen said contained hundreds of portal backup files from some of the most luxurious and expensive hotels in the world. He said the server also stored “millions” of guest names, email addresses, and arrival and departure dates.
Mohsen reported the error and the server was secured, but that sparked an idea: Could this one gateway contain other vulnerabilities that could put hundreds of other hotels at risk?
In the end, the security researcher found five vulnerabilities he said could compromise the portal – including guest information. One of the screenshots he shared with TechCrunch showed the administration interface of a vulnerable hotel’s portal revealing the guest’s name, room number, and email address.
The cache was reported to Airangel by the optimizer of the newly discovered flaw, but months have passed and the UK-based network equipment manufacturer still hasn’t fixed the bugs. A representative told Mohsen that the company had not sold the device since 2018 and it is no longer supported.
But Mohsen said the device is still widely used in hotels, malls and conference centers around the world. Internet scans show that more than 600 portals can be accessed from the Internet alone, although the real number of devices at risk is likely to be higher. He said most of the affected hotels are in the UK, Germany, Russia and across the Middle East.
“Given the level of access this chain of vulnerabilities provide to attackers, there seems to be no limit to what they can do,” Mohsen told TechCrunch.
Mohsen presented his findings at the Hack conference in Saudi Arabia last month. Airangel did not respond to a request for comment.