|
Getting your Trinity Audio player ready...
|
Etizaz Mohsin, a Pakistani cybersecurity researcher, was in a hotel room in Qatar when he unintentionally uncovered a technical flaw in the company’s internet infrastructure, exposing the private information of hundreds of hotels and millions of visitors throughout the world.
“I discovered that there is an rsync [file synchronisation tool] service running on the device that allows me to dump the device’s files to my own computer,” Mohsin explained. “I was able to gain access to all other hotels’ sensitive information that was being stored on the FTP [file transfer protocol] server for backup purposes.”
He was able to collect network configurations for 629 large hotels in 40 countries, as well as the personal information of millions of customers, including room numbers, emails, and dates of check-in and check-out.
The data included information from major hotel chains in Qatar, Turkey, the United Arab Emirates (UAE), Saudi Arabia, Lebanon, Egypt, Bahrain, Oman, Jordan, Kuwait, and Bahrain, as well as the Kempinski, Millennium, Sheraton, and St Regis in Qatar, Turkey, the United Arab Emirates (UAE), Saudi Arabia, Lebanon, Egypt, Bahrain, Oman, Jordan, Kuwait, and Bahrain.
The hotels all employ a British business named AirAngel’s HSMX Gateway internet technology. Its clients include some of the world’s most well-known hotel chains.
This is standard procedure; most hotels, shops, restaurants, and cafés need visitors to register an account and fill out their details before they may use the internet. It is, however, not without its drawbacks.
“A public WiFi network is inherently less secure than one you use at home,” noted Mohsin. “It gives hackers access to critical information like banking credentials and account passwords by allowing them to monitor and intercept data transferred across the network.”
Researchers uncovered a weakness in hotel routers seven years ago, which affected 277 devices in hotels and convention centres in the United States, Singapore, the United Kingdom, the United Arab Emirates, and 25 other nations.