Dark Hotel? What security changes should I make on the ZD 1100 in relation to the new threat?

  • Updated 3 years ago
What is best practice, and what changes may help on the ZD1100?

Gerard


Posted 3 years ago


Cordelia Naumann

With the limited information we could gather on the root cause, WiFi seems to be a conduit to carry out the attack. However, by itself, WiFi or any of its components do not seem to be vulnerable.

Apparently the attack gets seeded into the server that is hosting some portal, by an unknown mechanism, and lands on the client device when hotel guests connect via WiFi (during portal-based registration).

This is purely malware with remoting via C&C, which is best handled via security firms specializing in malware detection and prevention. We've read that the impact has been limited to less than a few dozen hotels. However, the exact count is difficult, since the self-erasure technique seems pretty sophisticated.