Your hotel Wi-Fi network may have some serious security flaws

News
By published

An old and vulnerable gateway is still being widely used, researcher claims

Person Plugging in Ethernet Cable
(Image credit: Gorodenkoff / Shutterstock)

An internet gateway that many hotels use to provide their guests with Wi-Fi connectivity is flawed to the point where a malicious actor could exfiltrate sensitive and personally identifiable data on them, researchers have claimed.

Etizaz Mohsin discovered that the gateway, called Airangel HSMX Gateway, contains hardcoded passwords that were “extremely easy to guess”. 

With these passwords, a malicious actor could access the gateway’s database with all the data on the people using the network, including the guest’s name, room number, and email address and possibly also be able to redirect users to other websites.

Malls, hotels, convention centers at risk

In total, the researcher found five vulnerabilities he believes could compromise the gateway and put users and their endpoints at risk.

Reaching out to Airangel for comment, the company allegedly told Mohsin the device was discontinued in 2018 and is no longer supported - meaning the bugs still haven’t been fixed. 

Mohsin says the device is still “widely” used by hotels, malls, as well as convention centers around the world, and internet scans have shown at least 600 accessible devices. The final number could be a lot higher, with the majority of at-risk hotels are in the UK, Germany, Russia, and the Middle East.

“Given the level of access that this chain of vulnerabilities offers to attackers, there is seemingly no limit to what they could do,” Mohsin told TechCrunch.

Public Wi-Fi networks, such as those found in hotels, cafes, libraries, or airports, are generally considered a security risk. Cybersecurity researchers have been warning for years how people should refrain from doing certain things while connected to these networks - like paying for services, using social media accounts, or accessing business email. 

To remain secure while browsing, users are advised to deploy a virtual private network (VPN), as it masks the IP address of the user and encrypts the connection, making online actions basically untraceable and more secure.

  • You might also want to check out our list of the best proxies right now

Via: TechCrunch

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Password
Millions of airline customers possibly affected by OAuth security flaw
Young man using a smartphone and laptop in a hotel room
Staying in a hotel? Here's why you need a VPN
Suitcase next to a bed in a hotel
Millions of hotel users see personal info checked out in huge data leak
Ransomware
Millions of hotel guest reservations leaked in Otelier data breach
A VPN runs on a mobile phone placed on a laptop keyboard
Major new online tunneling vulnerability could put millions of devices at risk
Thousands of misconfigured building access systems have been leaked online
Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Businessman holding a magnifier and searching for a hacker within a business team.
Cloud streaming hoster StreamElements confirms data breach following attack
A digital representation of blockchain.
Malicious npm packages use devious backdoors to target users
Latest in News
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does
Nintendo Virtual Game Card
Nintendo reveals the new Virtual Game Card feature, an easier way to manage your digital Switch games
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Nintendo Switch 2
The Nintendo Switch 2 pre-order date has seemingly been confirmed by Best Buy Canada – here's when you'll be able to order yours
More about security
Isometric demonstrating multi-factor authentication using a mobile device.

NCSC gets influencers to sing the praises of 2FA
Businessman holding a magnifier and searching for a hacker within a business team.

Cloud streaming hoster StreamElements confirms data breach following attack
David Kampf #64 of the Toronto Maple Leafs warms-up before playing the Philadelphia Flyers at the Scotiabank Arena on March 25, 2025 in Toronto, Ontario, Canada.

ChatGPT and Gemini Deep Research helped me choose an NHL team to support, and now I'm obsessed with ice hockey
See more latest
Most Popular
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
The cast of Black Mirror season 7
Everything new on Netflix in April 2025 – including Black Mirror season 7 and Love on the Spectrum
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Businessman holding a magnifier and searching for a hacker within a business team.
Cloud streaming hoster StreamElements confirms data breach following attack
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Nintendo Virtual Game Card
Nintendo reveals the new Virtual Game Card feature, an easier way to manage your digital Switch games
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does
A digital representation of blockchain.
Malicious npm packages use devious backdoors to target users
Quordle on a smartphone held in a hand
Quordle hints and answers for Friday, March 28 (game #1159)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Friday, March 28 (game #390)