Irish hotels vulnerable to attacks on their wifi
Published 09/04/2015 | 02:30
An international IT security firm has warned that an undisclosed number of Irish hotels are currently using easily hackable wifi equipment.
US-based Cylance released details of a report claiming that hotels in Ireland and Europe are using wifi technology that is easily hacked.
The company warned that guests' personal details and booking information are at risk and that those using compromised hotels' wifi are vulnerable unless the hotels have patched the security gap.
The company, which consulted with international security authorities before disclosing the hacking vulnerability, declined to name the Irish hotels detected.
But it said that the exploitation would only need a low level of sophistication to perpetrate.
"It has the potential to impact millions of customers, ranging from everyday vacationers to tradeshow attendees and high priority targets such as government officials, corporate executives and chief security officers," said Justin Clarke, a senior security researcher from the security firm.
"An attacker exploiting this new vulnerability could infect specific targets or anyone who connects via wifi through it with malware, gain access to personal credentials stored on a user's computer and gain full access to property management systems that contain guest booking details and point of sale information."
The security flaw affects a brand of router commonly used by hotel chains. A fix for the security hole has been released but must be manually applied, leaving guests of hotels with lax IT departments vulnerable.
Earlier this year, a survey from the Irish Computer Society claimed that half of Irish companies have suffered a data breach in the last 12 months.
The wifi vulnerability is the latest in a series of incidents where hotel guests have been targeted.
In November, the security firm Kaspersky revealed that an espionage campaign known as 'Darkhotel' has been stealing sensitive data from travelling executives via hotel wifi networks for the past four years.
The Darkhotel campaign, which comprises targeted attacks and botnet-style operations, specifically targets top executives staying in luxury hotels while on business trips, the cyber security company said.
Once connected to a hotel's network, the attacker tricks the user into downloading a piece of malware masquerading as legitimate software onto their computer, infecting the device with the 'Darkhotel' spying software.
The software then hunts for the victim's cached passwords, login credentials and steals keystrokes entered on the device, with the aim of accessing the intellectual property of the business entities the user represents.
As an alternative, experts recommend using a phone's mobile hotspot feature or downloading a virtual private network application to use with the hotel wifi network.