Mon, Nov 24, 2014 10:00 AM

Dark Hotel? What security changes should I make on the ZD 1100 in relation to the new threat?

What is best practice, and what changes may help on the ZD1100?



6 years ago

With the limited information we could gather on the root cause, WiFi seems to be a conduit to carry out the attack. However, by itself, WiFi or any of its components do not seem to be vulnerable.

Apparently the attack gets seeded into the server that is hosting some portal, by an unknown mechanism, and lands on the client device when hotel guests connect via WiFi (during portal-based registration).

This is purely malware with remoting via C&C, which is best handled via security firms specializing in malware detection and prevention. We've read that the impact has been limited to less than a few dozen hotels. However, the exact count is difficult, since the self-erasure technique seems pretty sophisticated.