Hundreds of thousands of tourists and visitors are, or have been, at risk of being hacked because wireless routers used at many hotel chains carry a serious vulnerability, according to a security firm that uncovered the flaw earlier this month.
Several of ANTLabs' InnGate routers, which are popular across the hospitality industry, have an authentication flaw in their firmware that could, in theory, allow an attacker to inject malware into guests' devices as well as monitor and record data sent over the network.
Security firm Cylance, which unearthed the vulnerability, claims that eight of the top 10 hotel chains worldwide might run a vulnerable device (either from the IG 3100 or InnGate 3 series).
Hotels targeted already
It did acknowledge that having the routers placed behind a firewall helps mitigate the threat as it would require the attacker to be physically closer to the target.
The discovery comes after researchers at another security outfit, Kaspersky Labs, found out that an entity had been carrying out attacks on specific guests who had been staying at high-end hotels in Asia and the US.
ANTlabs has issued a software update which is available from its website, following the official disclosure of the flaw by the CERT Coordination Center team.
Free Wi-Fi is one of the more popular features demanded by guests, who are wanting to share snaps of their holidays with friends and family, among other things.