The next time you put all your cash in a hotel safe, consider this: identity thieves may be more interested in what’s going over your hotel wifi connection than what’s in your wallet.
According to a 2010 report by Trustwave SpiderLabs, consumers’ credit cards are more likely to be hacked in a hotel than in any other place they are used. 38% of the hacking incidents that Trustwave investigated last year occurred in hotel credit card systems.
In 2010, the Wyndham Hotels and Resorts – operators of The Days Inn, Ramada and Howard Johnson Hotel chains – reported that their networks had been compromised by hackers. The loot: An unknown number of guest names and credit card numbers.
According to a 2008 study by Cornell University’s School of Hotel Administration, events like that aren’t unusual. The study concluded that most hotel wireless networks were not secure. Twenty percent of the hotels surveyed admitted that malicious activities had taken place on their networks.
A 2006 report on hotel hotspot security found that guests connected to many hotel networks could easily view each other's fileshares or attack each other's computers. “We tested 27 hotels in three major cities. Just one quarter of them prevented wifi users from being hacked by guests connected to the hotel's wired network and attackers on the Internet,” said Lisa Phifer, president of Core Competence. “After hotspot login, most guests are on their own to protect themselves,” says Phifer.
WiFi Hacking Crimes Are Easy to Commit
Unsecured wireless networks at hotels have proven to be ideal places for hackers to commit a wide variety of crimes.
In 2008, at the luxury Thompson Hotel chain, a hacker captured personal and sensitive emails sent by guests and staff members over its wireless network and threatened to make them public.
Hackers staying at hotels or parked nearby have exploited the anonymity of hotel wireless networks to download child pornography. In 2009, a Florida man was arrested for using hotel wifi to download kiddie porn from his truck parked outside. According to Hernando Today, a publication of Tampa Bay Online, when the man’s gaming device was confiscated as evidence, what local authorities found stored on it was 96 images of prepubescent children engaged in sex acts. The time stamp on the images matched the time that the man was outside the hotel.
Wifi hacks like that aren’t the only security threat we face. Road warriors looking to log on to their hotels’ wireless Internet can unknowingly become online mugging victims. In 2010, The CBS Early Show had an ethical hacker set up a fake wifi access point at a New York City hotel, calling it “Best Free Public Wifi.” Before long, dozens of unknowing wireless users took the bait and tried to log on. When an unsuspecting hotel guest connects to a phony wifi access point like that, his credit card, banking or other confidential business information can be seen by the hacker.
Remember, just because you’re staying at a nice hotel doesn’t mean that hackers aren’t around the corner. These are some of the things you can do to protect your Internet security.
How to Hide From Hackers
- Watch out for fake wifi access points designed to look just like real hotel wifi networks. These Evin Twins may even contain your hotel’s name. Check with the establishment to get the correct name.
- Find out whether your hotel’s wireless network uses WPA (WiFi Protected Access) security. WPA usually requires a password to get onto the network and always encrypts everything sent over wireless. This prevents eavesdropping over wireless – but it may not stop other guests connected to the same hotspot from stealing your data.
- Always assume you’re not alone on any public wifi network. Disable file sharing, turn on your computer's personal firewall, and never send Social Security numbers, passwords or financial information when using an unencrypted wireless connection.
- When using a free hotspot, you could be sending data through someone you don't know. When using a commercial hotspot, never supply payment information to an unsecured hotspot login page. If your web browser doesn't display a green padlock or it warns that the login page may not be secure, use a different hotspot.
- Use a VPN (virtual private network) like PRIVATE WiFi™ to make all the information transmitted over your wifi connection invisible to hackers.
In the meantime, if you were hacked while using a hotel WiFi connection, we’d like hear what happened to you. Tell us your story.