ANTLabs InnGate devices are a popular Internet gateway for visitor-based networks and they’re commonly installed in hotels, convention centers and other places that provide temporary guests access to a WiFi connection.
If you’ve ever used WiFi in a hotel, you’re familiar with these types of devices as they are typically tied to a specific room number for billing purposes.
The Vulnerability
CVE-2015-0932 gives an attacker full read and write access to the file system of an ANTLabs’ InnGate device. Remote access is obtained through an unauthenticated rsync daemon running on TCP 873. Once the attacker has connected to the rsync daemon, they are then able to read and write to the file system of the Linux based operating system without restriction.
When an attacker gains full read and write access to a Linux file system, it’s trivial to then turn that into remote code execution. The attacker could upload a backdoored version of nearly any executable on the system and then gain execution control, or simply add an additional user with root level access and a password known to the attacker. Once full file system access is obtained, the endpoint is at the mercy of the attacker.
Wikipedia provides with an excellent summary of a PMS’ capabilities:
In the hospitality industry a property management system also known as a PMS is a comprehensive software application used to cover some basic objectives such as coordinating the operational functions of front office, sales and planning etc. Automate hotel functions like guest bookings, guest details, online reservations, point of sale, telephone, accounts receivable, sales and marketing, banquets, food and beverage costing, materials management, HR and payroll, maintenance management, quality management and other amenities. Hotel property management systems may interface with central reservation systems and revenue or yield management systems, front office, back office, point of sale, door-locking, housekeeping optimization, pay-TV, energy management, payment card authorization and channel management systems.
If this PMS controls multiple locations, the attackers could potentially leverage that access to infect the other branches of an organization.
As can be seen in the map below, these affected devices are quite spread out over the world. In fact, there are vulnerable devices in 29 countries including the United States, Cuba, Australia and Italy.
The affected nodes also include quite affluent hotels. Listing those vulnerable devices at this time would be irresponsible and could result in a compromise of those networks.
Take it from us that this issue affects hotels brands all up and down the spectrum of cost, from places we've never heard of to places that cost more per night than most apartments cost to rent for a month.
The Cylance team is working to alert the affected organizations.
Read the complete article here.