Whether we’re lucky enough to be on holiday or working out of a hotel for business purposes, one of the first things most of us do is look for the wifi. Nearly all hotels today offer free wifi as one of their guest perks. But is hotel wifi safe? It’s probably something you’ve never even considered! We’ll run you through what you need to know.
The security illusion
When you’re relaxing in the lobby of a fancy hotel, the illusion of public wifi security is perfectly maintained. If you’re savvy enough to ask the reception staff what the network password is, you’re already probably congratulating yourself on being security-minded. But is it really safe?
Just how much is hotel wifi safe – really?
The fact is, hotel wifi networks are no safer than any other public wifi at a library, cafe, train station or other public space. This even applies when hotel wifi systems seem to be secure because you need to provide your room number to gain the all-important password.
This means you must be cautious at all times. Hotel wifi networks are becoming real targets for data thieves and cyber hackers, firstly because hotel wifi users tend to have valuable information on their devices (especially if they are using them for work purposes) and because users in hotels tend to be off their guard when it comes to cybercrime.
How cybercriminals attack hotel wifis
During a quick hotel check-in, you might automatically spot the wifi signal on your phone and link to a network which looks legitimate. Perhaps it uses a name that’s like the name of the hotel, for example. But without verifying this network, you could find yourself joining a malicious hotspot that has been set up by hackers; giving them immediate access to your private, precious data.
Organized cybercriminals have been known to attack hotel wifi networks through a range of tactics. Some email employees at hotels and use phishing scams to entice them to open attachments which look like customer booking requests. Instead, malware is released into the network which spies on guests, grabs passwords and gains free access to user data on the hotel wifi network.
The worse bit? This kind of spyware can extend to every user of the hotel wifi and access every piece of unencrypted data you have sent or received on the connection. Users wouldn’t even know that they were under attack.
The Eternal Blue case study
In 2017, a gang of Russian cybercriminals used a malware attack called EternalBue, to access hotel wifis and spy on guests. These attacks were thought to be political in their motivation and gathered data or government employees traveling on business. However, whatever the reason behind the attack, it shows just how vulnerable hotel wifi networks can be.
Just keep away
The advice now for travellers is that they should avoid using hotel wifi networks at all times. Technology is now so advanced that users don’t even need to type their passwords into locked accounts for spyware to detect them.
As a precaution, if you have recently traveled and made use of free hotel wifi, then it is a wise step to change all sensitive account passwords now. Change passwords for your financial accounts and social media accounts, emails, and any other private accounts.
Follow good practices to secure these accounts, with complex passwords, unique passwords for each site and two-factor authentication. Consider using a password generator to make your passwords even harder to detect.
Hotels remain vulnerable
Even though the EternalBlue malware attack was launched to European hotels, news after the event confirmed that a wifi network that tends to be used heavily by hotel chains is actually more vulnerable to cyber attacks than many other networks.
The device manufacturers have released a security patch to safeguard users, but remember that there is no guarantee that the hotel you are staying at will have installed it.
Assume the worst
A good rule of thumb is to assume that you are being spied upon in some way if you do use hotel wifi. You know nothing about the individual or spyware that is watching you.
Some hackers just want to gather sufficient data to clone your identity. Others want bank account details. Others are seeking corporate information to launch far bigger ransomware attacks. Just don’t take the chance.
Take steps to protect yourself
There may be instances that you find you need to use hotel wifi. If you sign up to a Virtual Private Network, you can do this without worry.
Why use a VPN
Even if the hotel wifi is teeming with sniffers, malware or other viruses, the VPN will protect you. Most VPNs encode data and encrypt it (always choose a service that offers encryption, as well as the protective data ‘tunnel’ that allows you to remain anonymous.)
This means that hackers can’t read your data, can’t grab it – and can’t even intercept it, because all they will see is encrypted and encoded data that they can’t crack.
There are plenty of VPN providers on the market and they all offer something different. Some are free, but be very careful here. Some apparent VPNs are just fronts for malware. Others have lax privacy policies that allow your data to be shared for advertising purposes.
We regularly review all of the best VPNs on the market and we look at the technology, policies and ‘fine detail’ of every good VPN.
Choose the best VPN
We recommend VPNs such as ExpressVPN, NordVPN, and Private Internet Access. These all offer security credentials and technologies that are cutting-edge and as-yet unbroken. They also regularly update and invest in their service to ensure that it stays ahead of hackers. They offer other features too such as:
- Multiple servers across the world so that your data can be rerouted and your location IP masked for total anonymity
- Businesses and servers located in countries such as Sweden which have extremely stringent data privacy laws designed to respect individual rights.
- Policies which include no keeping of data logs and absolutely no selling of user data
- Advanced encryption and kill switches, which automatically end your connection if the VPN drops for any reason.
In short, it’s simply not worth going online without a VPN if you want to be safe, secure and anonymous. Secure yourself in just a few minutes by downloading the best VPN onto your device, and continue to enjoy your online experience to the full.
VPN specialist and writer
Nadin has been tinkering with computers and gadgets for as long as she can remember. She has extensive knowledge about various topics, including IoT, Linux, digital security, and more. Nowadays, she works as an IT network professional and writes helpful guides in her free time.