Wi-Fi is a tremendous communications boon, allowing users of desktop and mobile devices great flexibility. But like all wireless technologies, it also opens a security hole.
That became evident again this week when Cylance Inc., a California maker of threat detection and protection solutions said it had discovered a vulnerability in some Linux-based InnGate HSIA gateways made by Singapore’s ANTLabs, which are sold to hotels, convention centres, airports and campuses around the world.
A fix for the vulnerability, labelled CVE-2015-0932 by the American CERT, was released Thurdsay. But it serves as a reminder that chief security officers have to continually remind staff about security precautions needed when using wireless networks outside the enterprise.
That includes using a VPN to connect to sensitive corporate sites, being careful when using email and not doing any financial-related transactions.
The vulnerability — found by an Internet scan in at least 229 devices in 29 countries including many in the U.S. — “is unnerving not only a due to what it affects, but also how simple it is to exploit,” Cylance said in a blog.
It gives an attacker full read and write access to the file system of an InnGate device. “Remote access is obtained through an unauthenticated rsync daemon running on TCP 873,” says the blog. “Once the attacker has connected to the rsync daemon, they are then able to read and write to the file system of the Linux based operating system without restriction.
“When an attacker gains full read and write access to a Linux file system, it’s trivial to then turn that into remote code execution. The attacker could upload a backdoored version of nearly any executable on the system and then gain execution control, or simply add an additional user with root level access and a password known to the attacker. Once full file system access is obtained, the endpoint is at the mercy of the attacker.”
Any *nix system which has the rsync command available is capable of exploiting the vulnerability in a few keystrokes after discovering the availability of an InnGate device.
An attacker could leverage access as the so-called DarkHotel gang has done, which has infected hotel Wi-Fi networks, says Cylance.