London Daily

Focus on the big picture.
Saturday, Jul 04, 2026

Hotel WiFi across MENA compromised and exposing private data

Hotel WiFi across MENA compromised and exposing private data

Cybersecurity researcher uncovers faulty system used by hotels in the Middle East surrendering personal information on millions of guests worldwide.

Pakistani cybersecurity researcher Etizaz Mohsin was in a hotel room in Qatar when he unexpectedly discovered a technical vulnerability in its internet system that exposed the private information of hundreds of hotels and millions of guests worldwide.

Mohsin told Al Jazeera he was “stunned” by what he uncovered late last year.

“I found out that there is a service running rsync [file synchronization tool], which allows me to dump the files of the device to my own computer,” Mohsin explained. “I was able to access the sensitive information of all other hotels which were using the FTP [file transfer protocol] server for backup purposes.”

From his hotel room he was able to obtain network configurations of 629 major hotels across 40 countries, and the personal information of millions of guests, including their room numbers, emails, and dates they checked in and out of the hotel.

The data included that of major hotel chains across the Middle East and North Africa region, including the Kempinski, the Millennium, Sheraton, and St Regis in Qatar, Turkey, the United Arab Emirates (UAE), Saudi Arabia, Lebanon, Egypt, Bahrain, Oman, Jordan, Kuwait and Bahrain.

The hotels all use an internet system called HSMX Gateway by British company AirAngel. Its clients are among the largest hotel brands worldwide.

This is common practice; most hotels, malls, restaurants, and cafés require people to create an account and fill their information after connecting to the internet in order to start using it. However, it is not without its risks.

“A public WiFi network is fundamentally less secure than one you use at home,” Mohsin explained. “It allows hackers to monitor and intercept data sent across the link, giving them access to sensitive information such as banking credentials and account passwords.”

The HSMX Gateway incident is similar to a vulnerability in hotel routers researchers discovered seven years ago, which affected 277 devices in hotels and convention centres in the United States, Singapore, the United Kingdom, the UAE, and 25 other countries.


‘Stakes are high’


Cybersecurity consultant Ragheb Ghandour told Al Jazeera the ease of access to this data, especially with how centralized it is among hundreds of hotels, is a huge cause for concern.

“Let’s say a spy checks into one of these listed hotels, skims through the files and finds a point of intrusion. They could modify – or mirror – the landing page for the WiFi connection and all the clients of the hotel would send their information straight to them,” Ghandour said. “The stakes are high. You could wreak havoc through the hotel.”

It is not just guests’ personal information that is at risk. Mohsin said a hacker could use the vulnerability to access the guests’ computer and mobile devices, as well as the hotel’s security footage, ventilation systems, and electronic door locks.

In fact, assassins used a vulnerability in a luxury hotel’s internet to unlock an electronic door and carry out a targeted killing in Dubai 12 years ago.

In 2010, a hit squad, reportedly members the Israeli Mossad intelligence agency, assassinated senior Hamas official Mahmoud al-Mabhouh at a luxury hotel in the Emirati city after hacking the key system to enter al-Mabhouh’s room.

AirAngel said in a statement it stopped updating its software in November 2020, and the firm encouraged clients to replace it with a new service called Captivnet. The issue with the previous service remains unfixed, however.

AirAngel added only a small number of clients have not migrated to Captivnet and still use HSMX Gateway. But more than half of the hotels Mohsin discovered compromised continue to use the service.

Of the 629 hotels Mohsin found with faulty internet protection, 378 have not switched to AirAngel’s new service, including more than 100 in the UAE, Saudi Arabia, Qatar, Lebanon, Egypt, and other countries across the MENA region, he said.

Mohsin said he hopes his findings will encourage more people to improve their digital security.

“Always a use a VPN to encrypt all your data as it travels via the network via secure tunnel,” he explained. “Alternatively, you might use mobile data [instead of WiFi] to avoid the dangers in the first place.”


Comments

Oh ya 4 year ago
And people believe that their crypto is also safe from the bad people and the government. Just ask the people in Canada that donated to the truckers and had their bank account stolen. Play stupid games win stupid prizes

Newsletter

Related Articles

0:00
0:00
Close
UK Government Consults International Partners on Maritime Trade Security and Energy Market Stability
Rare Revolutionary-Era Documents Discovered by UK Archives and Undergoing Authentication
UK Consumer Confidence Remains Deep in Negative Territory as Household Spending Stays Cautious
Transport for London Warns of Severe Disruption as Major Events Converge in Central London
NHS and Social Care Sectors Face Ongoing Recruitment Shortages Amid Persistent Workforce Gaps
Rising Energy Costs Drive Price Pressures Across UK Retail and Service Sectors
Competition and Markets Authority Expands Review of Artificial Intelligence Impact on UK Media Markets
UK Parliamentary Committees Intensify Scrutiny of National Security and Industrial Policy Legislation
Bank of England Faces Persistent Inflation Pressure as Rate Cut Expectations Fade
UK Public Finances Under Pressure as Borrowing Exceeds Forecast and Debt Nears 95% of GDP
Major Police Deployment Across Central London as Mass Demonstrations and Pride Parade Converge
Large-Scale Police Dispersal Powers Activated in Liverpool Ahead of Anti-Immigration Protests and Counter-Demonstrations
Luxury bags take over the World Cup: style, status symbol, or just showing off?
National Productivity Institute Highlights Weak Business Investment Outside Southern England
UK High Court Orders Reassessment of Environmental Impact in Major Highway Project
UK Cyber Security Centre Warns of Rising Threat From State-Sponsored Digital Espionage
UK Education Secretary Launches National Reform of Apprenticeships and Vocational Training
Financial Conduct Authority Tightens Climate Risk Disclosure Requirements for Listed Firms
Rail Union Suspends Planned Strike Action to Enter Formal Negotiations With Operators
Northern Ireland Businesses Seek Clarity Over Post-Brexit Trade Rules
Welsh Government Launches Regional Growth Plan Targeting Transport and Digital Infrastructure
North Sea Wind Sector Attracts £5 Billion Investment Amid Expansion of Offshore Capacity
Scotland and UK Governments Establish New Framework for Coordinated Investment in Energy and Infrastructure
UK Government Launches Major Immigration and Border Policy Overhaul Review
Bank of England Signals Interest Rates to Remain Elevated Despite Easing Inflation Pressures
National Health Service Warns of Severe Winter Capacity Strain Across Hospital Trusts
Chancellor Orders Urgent Treasury Review Amid Concerns Over Structural Public Finance Gap
Prime Minister Unveils Sweeping Legislative Programme Focused on Housing, Health Service Reform and State Energy Plan
UK Parliamentary Committee Launches Inquiry Into Falling Primary School Rolls and Public Service Impact
UK House of Lords Debates Electoral Commission Powers and Political Finance Reform
UK Parliament Considers Expanding Carbon Rules to International Aviation and Shipping Emissions
UK Traffic Commissioner Revokes Hampshire Haulage Operator Licence Over Regulatory Failures
UK Parliament Examines Risks in Public Contracts Awarded to Technology Firm Palantir
UK Competition Watchdog Moves Toward More Flexible Merger Rules to Support Efficiency and Growth
UK Government Seeks Approval for £1.15 Trillion Public Spending Plan Amid Scrutiny Over Department Budgets
UK Parliament Debates Sweeping National Security and Steel Industry Nationalisation Bills
UK Government Issues Formal Apology for Historic Forced Adoption Practices and Announces £4 Million Support Scheme
UK DEFENCE AND TECHNOLOGY STRATEGY TILTS TOWARD SOVEREIGN CAPABILITY AND INDUSTRIAL INVESTMENT
UK ECONOMIC POLICY OUTLOOK SHAPED BY LEADERSHIP TRANSITION AND FISCAL SIGNALS
STERLING STRENGTHENS AMID SHIFTING MONETARY OUTLOOK AND GLOBAL LABOUR MARKET SIGNALS
UK HPV VACCINATION PROGRAM NEARLY ELIMINATES CERVICAL CANCER DEATH RISK IN YOUNG WOMEN
UK EXPANDS PRISON SAFETY REVIEW AS GOVERNMENT SEEKS WIDER SYSTEM REFORM
UK DRIVES DIGITAL ASSETS STRATEGY WITH NEW STABLECOIN REGULATORY MODEL
UK TO EXPAND AI INFRASTRUCTURE THROUGH NEW EUROPEAN TECHNOLOGY PARTNERSHIP
UK LAUNCHES £15 BILLION DEFENCE TECH SHIFT TOWARD ADVANCED MILITARY SYSTEMS
CIVIL SERVICE FACES SHIFT IN POWER STRUCTURE AS REGIONAL GOVERNANCE PLANS EXPAND
WHITEHALL CONSIDERS MAJOR DECENTRALISATION PLAN WITH SECOND GOVERNMENT HUB IN MANCHESTER
UK TARGETS SERVICES EXPORT GROWTH IN TRADE TALKS WITH CHINA AMID GEOPOLITICAL TENSIONS
POLICE WATCHDOG PROBES OFFICERS OVER HANDCUFFING OF DYING TEENAGER IN HAMPSHIRE CASE
UK REGULATORS UNVEIL DUAL OVERSIGHT FRAMEWORK FOR STABLECOINS AND DIGITAL ASSETS
×