DANGERS OF USING HOTEL WI-FI
Attackers target hotels to obtain records of guest names, personal information, and credit card numbers. The hotel environment involves many unaffiliated guests, operating in a confined area, and all using the same wireless network. Guests are largely unable to control, verify, or monitor network security. Cyber criminals can take advantage of this environment to monitor a victim’s internet browsing or redirect victims to false login pages. Criminals can also conduct an “evil twin attack” by creating their own malicious network with a similar name to the hotel’s network. Guests may then mistakenly connect to the criminal’s network instead of the hotel’s, giving the criminal direct access to the guest’s computer.
Hotel networks are often built favoring guest convenience over robust security practices. Smaller hotels will often post placards at the service desk stating the password for Wi-Fi access, and change this password very infrequently. At its most robust, access to a hotel Wi-Fi network is typically governed by a combination of room number and password. This combination only governs devices accessing the hotel’s network but does not provide a secure internet connection. Currently, there is no hotel industry standard for secure Wi-Fi access. If teleworking from a hotel, guests should not implicitly trust that the hotel has properly secured their network or is monitoring it for attacks.