Is Hotel WiFi Secure?
When you check in to a hotel, you assume that the company will keep you and your valuables safe by not sharing your room keys and providing a safe for your belongings. But a much greater threat could be lurking in your rented room – the free WiFi connection that most lodging providers offer.
We’ve already talked about the steps you should take when connecting to public WiFi networks in coffee shops, but many people still fail to apply these basic safeguards to hotel Internet browsing. This is a huge mistake! Hotel WiFi networks suffer from many of the same security weaknesses as unsecured coffee shop networks. Not only do these networks increase your susceptibility to “man in the middle” type attacks that compromise your personal information, the FBI and the US Internet Crime Complaint Center (IC3) report that instances of malicious software attacks on hotel-connected laptops are on the rise.
According to the IC3: “In these instances, the traveller was attempting to setup the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely-used software product. If the user agreed to install the update, malicious software was installed instead.”
Keeping Yourself Safe on Hotel WiFi Networks
No matter what specific type of threat you’re concerned about when it comes to hotel WiFi security, the basic preventative measures remain the same:
- Browse the web using a virtual private network (VPN). VPNs encrypt all of your digital communications and prevent them from being intercepted by others. Doing so is a vital part of keeping your personal information protected while traveling.
- Only share personal information on sites with addresses that read “HTTPS.” To fully protect yourself, consider sharing no personal information online at all while traveling. But if you simply can’t avoid it, look for the “S” in the website’s URL which indicates that the site’s communications are automatically encrypted.
- Make sure file sharing is off. By default, many computers have file sharing turned on, leaving your personal information and documents ripe for the picking by digital thieves. Though the specific steps you’ll need to follow to turn off your computer’s file sharing will vary based on its manufacturer and operating system, it’s worth looking up these procedures and implementing them before you first log on to your hotel’s WiFi system.
- Turn on your firewall (and make sure it’s up-to-date). A good firewall program will deter some malicious attacks – but only if it’s turned on and regularly updated. On its own, your firewall won’t completely prevent hacking attempts, but it’s an important stop-gap measure should your other actions fail.
- Update your internet browser. At the same time, make sure your internet browsers are up-to-date. Many popular browsers have identity theft protection features that will alert you to any perceived threats. While – again – they aren’t a perfect solution to unsecure WiFi networks, they’ll minimize your risk to some degree.
What about Password-Protected Networks?
But what if you happen to be staying at a hotel that secures its networks by offering router encryption and a password that’s given only to guests? Sorry to burst your bubble, but you’re still not safe.
To understand why, consider the two types of router encryption that hotels might offer – wired equivalent privacy (WEP) and WiFi protected access (WPA).
The WEP protocols are dated and offer very little in the way of digital security, as they’ve been in service for more than 15 years. And although both the WPA and WPA2 certification programs were developed to compensate for the weaknesses of WEP, they’re still not fool-proof. They can be cracked in most cases, and are nearly useless anyways if the hacker in question is also a guest at your hotel with the same network access you’ve been granted.
I’ll Just Use the Ethernet Connection Instead…
And finally – sorry to burst your bubble, but the wired Ethernet connection your hotel offers isn’t any more secure than its wireless networks.
Most wired hotel networks are local area networks (LAN) – a protocol that’s more than 30 years old. Originally developed in the mid-1970s by Xerox, LANs were intended to be used internally by business or other groups of people. And because there was no reason to anticipate malicious behavior within these groups, LAN configurations were built without appropriate security protocols in place.
To make matters worse, an estimated 20% of hotels in the US use a type of LAN known as a “hub configuration,” which involves sending all of a network’s data to every computer that’s connected to the group. In its original incarnation, LAN computers were only supposed to listen to the data intended for them, which – again – isn’t an issue when all members of a network can be trusted.
In hotels, though, random guests can switch their network cards to “promiscuous mode” and view all of the unencrypted information being sent throughout the LAN. If you aren’t careful, this information could include personally identifying information, passwords and sensitive documents that shouldn’t fall into the wrong hands.
Although there are other types of LAN configurations in use in hotels, the thing you should take away from this article is that no hotel network – whether wired or WiFi – is truly safe from hacking attempts. Instead, it’s up to you to take the security measures necessary to protect your data. By installing a VPN, locking down your system and being careful about the types of information you share, you can minimize the stress of traveling by keeping your data safe.