Cylance Researchers Discover Critical Vulnerability Affecting Hotel Chains Worldwide

Cylance, the first predictive cyber threat security company that combines the power of math and machine learning to stop malware, today revealed that its security research team — dubbed Cylance SPEAR — discovered a critical vulnerability in ANTlabs’ InnGate product that could allow an attacker to monitor or tamper with traffic to and from any hotel WiFi user’s connection and potentially gain access to a hotel’s property management system (PMS).

This vulnerability affects 277 hotels, convention centers and data centers across 29 countries. It has the potential to impact millions of customers ranging from everyday vacationers and data center IT staff to tradeshow attendees and high priority targets such as government officials, corporate executives and CSOs.

Cylance has worked closely with the US-CERT and CERT/CC to coordinate the disclosure of this vulnerability responsibly. ANTlabs is making a patch available today for its InnGate product. For more information about how to apply necessary protections, visit www.antlabs.com.

“Given that the ANTlabs’ product integrates with external systems, such as a hotel’s PMS, this vulnerability could be leveraged to gain deeper access into a hotel’s business network. This is similar to the Target breach where attackers were able to penetrate the organization’s internal network through a vulnerability in the heating and cooling system,” said Justin W. Clarke, senior security researcher on the Cylance SPEAR team. “As this vulnerability is so widespread, Cylance SPEAR quickly notified US-CERT to coordinate the vulnerability verification, patch development, and today’s disclosure with the ANTlabs.”

This is not the first time Cylance researchers have seen activity of this nature, as this vulnerability could allow a threat actor to carry out an attack similar to DarkHotel, a campaign discovered last November that infected Internet gateways at Asian Luxury hotels in order to compromise high-profile guests. An attacker exploiting this new ANTlabs InnGate vulnerability could infect specific targets or anyone who connects via WiFi through it with malware, gain access to personal credentials stored on a user’s computer and gain full access to property management systems (PMS) that contain guest booking details and point of sale information.

The exploitation would only need a low level of sophistication and no authentication. The threat has been assigned a CVE-2015-0932 identifier and ranks the maximum score, 10.0, on the CVSS 2.0 scale.

This marks the first official announcement from Cylance’s new research team SPEAR (Sophisticated Penetration Exploitation and Research). The SPEAR team’s work will be dedicated to cutting edge security research and improving the state of information security for users worldwide. The team is focused on detecting and stopping the execution of malware, APTs and advanced threats before they hit the system. SPEAR will perform research on vulnerabilities, threat actors, malware and tools needed to prevent attacks before they cause damage.

“Cylance SPEAR will dig into the hacker mindset to uncover emerging attack and defense methods,” said Ryan Permeh, co-founder and chief scientist at Cylance. “Our research will also help to advance the capabilities of Cylance’s core product, CylanceProtect, and support the company’s mission to abolish the need for traditional signature-based technologies that consistently miss advanced security threats.”

For more information about this vulnerability and to learn about future discoveries, please visit http://blog.cylance.com/.