Travelers and convention-goers beware: if you've recently stayed in a hotel (especially an upscale one) or attended an event at a convention center and connected to the public wi-fi in either case, it's possible that hackers managed to breach your device's security, and helped themselves to pretty much any data they wanted off your phone, laptop or tablet.
The names and locations of those breached wi-fi networks haven't been released yet, but the raw numbers are that the hackers hit the routers of 277 different hotels, convention centers and data centers in 29 different countries, including the U.S., the U.K., Australia and Cuba.
Security researchers from Cylance's Sophisticated Penetration Exploitation And Research (SPEAR) team discovered that ANTLabs InnGate routers, used in many hotels and other visitor-based networks, had a vulnerability, which SPEAR labeled CVE-2015-0932, that “gives an attacker full read and write access to the file system of an ANTLabs’ InnGate device,” as Cylance reported. That in turn lets the attacker plant malware on, or steal data from, any phones, laptops, tablets or other devices connected to the infected network.
This latest discovery is a “zero-day” vulnerability, which is tech shorthand for “Bad-guy hackers discovered and took advantage of this vulnerability first, and good-guy security researchers only discovered the vulnerability afterwards. Thus, zero days pass between the discovery of the vulnerability and the first discovered attack.”
The affected locations include “hotels ... all up and down the spectrum of cost, from places we've never heard of to places that cost more per night than most apartments cost to rent for a month. The Cylance team is working to alert the affected organizations.”
ANTLabs has already released a patch for the vulnerability.
This is not the first time hackers have breached a hotel's wi-fi network. Last November, researchers at Kaspersky discovered that, for at least the four previous years, a group of hacker/spies had been engaged in a worldwide campaign of widespread corporate espionage called “Darkhotel.”
The Darkhotel hackers operated by attacking and intercepting the wi-fi networks at luxury hotels of the sort where major-company CEO-types stay while on business trips, and using those networks to plant keylogging malware on the communication devices of certain selected executives – particularly those in the nuclear industry or the U.S. defense industry (read: weapon-makers).
There's no evidence that the hackers who exploited vulnerability CVE-2015-0932 are connected to the Darkhotel hackers, though. Indeed, from the perspective of a hacker, Cylance's discovered vulnerability is even easier to use than Darkhotel:
“An attacker exploiting the vulnerability in CVE-2015-0932 would have the access to launch DarkHotel-esque attacks against guests on the affected hotel's WiFi. Targets could be infected with malware using any method from modifying files being downloaded by the victim or by directly launching attacks against the now accessible systems. Given the level of access that this vulnerability offers to attackers, there is seemingly no limit to what they could do.”
If you're an ordinary traveler or convention-goer, the best way to protect your devices from compromised public wi-fi networks is to not use public wi-fi at all; ignore wi-fi hotspots and use your phone's cellular network to connect to the Internet instead.