Hotels and WiFi security

When you book a hotel room, you can assume that it’s their role to provide Your and your property security, provided you don’t share your keys with other people. But the largest threat is not related with other people coming into you room but from the WiFi network.

It is obvious that a WiFi network in a hotel is always welcome by all guests who want to communicate with other people and run the business during a trip. At the same time, this is an illustration of the vulnerability of hotel industry to cyber threats.
WiFi networks in hotels have many security gaps, most of which are similar to those present in public networks. These networks make guests more open to man-in-the-middle attacks and other attacks which can be dangerous to their personal data. As we are informed by most of agencies responsible for network security, incidents of using malware and other attacks are currently at a high level.
Threats of hotel WiFi networks
In the course when hotels are becoming more dependable on WiFi networks, there appear more risks related with using of hotel networks. The current potential of WiFi connection is very high and opens door for cyber criminals, enabling an unauthorized access to the privacy of hotel guests and several other things which may result in unimaginable tragedies and a stay in a hotel may become a nightmare.
Despite the fact that most of modern routers have advanced protection functions, this still does not translate into protection of data or confidential information of guests. Below, we present main threats for hotel WiFi networks.
The first type which we have to discuss is spear-phishing and backdoor attacks.
Darkhotel software is one of the best examples of such attacks. Hackers using this software check WiFi networks and next, connect to them. In most of cases, it is just enough to give the guest’s name and the room number in order to work in the network as this person. Next, using the hotel WiFi network,
they start to send fake messages, making guests download specially prepared backdoors. The most often given reason is software updating, for example of Adobe Flash or Google.

Toolbar. Next, guests install such software and hackers can use the backdoor to install additional programs like Trojans and keyloggers.
Another type of attack used in case of hotels is Man-in-the-middle. In this method, hackers place a harmful code between the victim and the valuable resources, such as logging sites, shared by the hotel’s IT dep. The most advanced attacks of this type are realised using browsers. In this case, malware silently registers data sent from the user’s browser to the hotel’s logging site. Such attacks don’t require hackers being physically close to a victim and the group of victims can be quite big. These attacks also do not require much effort of the attacking party.
Additionally, a hacker may use a packet sniffer to grab the information. Another attack is ARP (Address Resolution Protocol) spoofing. The attacker floods the network with packets, which may be easily used in the attack on the hotel WiFi network.This technique allows hackers analysing the network traffic and to modify the data exchange.
Hackers send false ARP messages to link the MAC address of them with the victim’s IP.As a result, all data addressed to the victim’s IP address are also sent to the hacker. He can also launch a Denial of Service attack by creating a connection with a non-existent MAC address.
Security policy template for hotel networks.
The below template of security policy shows how t is possible to lessen effects and prevent attacks on hotel guests.A hotel’s IT team should consider all presented solutions but we also encourage guests to undertake measures which minimise chances of being robbed of personal information.
1 Displaying warning signs
Hotel networks and connected guests can be an easy aim for hackers. The management should take care that the front office and rooms contained warning signs to remind guests several rules:

• Never input confidential information into hotel’s network logging site • Always check information about software updates at the reception
• A guest should always delete passwords and log out from banking services
• Guests should clear the browsing history and temporary files after finishing work
• Guests should not leave a computer not attended at public places.

2 Configuration of network and servers and data encryption
In order to protect data of the customers, hotels should set data encryption for all networks and servers as all information input in forms at hotel’s sites (which enable guests to input information) were sent with data encryption. Thanks to this protection mean, hotels provide the situation that data sent in the network are protected by SSL (Secure Socket Layer), to provide secure data transmission. Many hotels use 256-bit encryption, authenticated by certificate to protect customers’ data.
3 Integration of intelligent channels
Modern channels for sending data often require investments but become to play more important role in creating sets of data such as a domain, IP address and information related with malware. Channels of this type are often updated and they can be easily transformed into XML files for analysis aims. Channels of this type have numerous applications, allow prompt detection of infections of devices of hotel guests, disgraced accounts, infected networks and hotel profiles.
In general, hotels are recommended to implement intelligence channels, containing systems for reporting data violations. Such systems are mainly of real time operation and immediately inform about threats to hotel guests and real attacks.
Reports obtained in this way should be analysed by the management and relayed for analyses to IT teams, in order to hold off attacks in the future.
4 Hotel guests should use VPN services
The best way to block most of attacks when being connected to a hotel WiFi network is using VPN. It is possible to analyse the network traffic unless there guards the VPN software. The aim of VPN is to encrypt the whole digital communication and preventing from capturing private data by hackers, thus they are a crucial solution to maintain the privacy. There are several VPN solutions and one should select the one adjusted to particular needs.
5 Hotel guests should know if the connection is via HTTPS
HTTPS protocol means that your browser is safe. Thanks to this extension, one can force the browser to use safe connection. Websites, emails and computing clouds often use HTTPS protocol what is indicated by a green padlock in the address bar. However, we can also include HTTPS protocol inside the network to encrypt data of all websites. However, a browser user can turn off HTTPS service or configure it only for particular sites. All HTTPS functions should already exist and should not be modified by users.
6 Guests should connect using VLAN network everywhere it is possible
Some hotels charge an extra fee for an access to the Internet or WiFi network. In general, the fee is used for additional services like extended protection of the network. Such service allows logging into VLAN network or virtual local network, which is most often more safe than WiFi and protected from unauthorised activity. VLAN networks are usually password protected. A hotel that is not providing VLAN services, most often, offers solely WiFi connection. In such case, one should avoid use of credit cards and other confidential data and use them only when the connection offers high security.
7 Guests should activate a firewall
Firewall is a part of protection system, which is present in the majority of systems and antivirus software. Firewall blocks unauthorised access to the computer, in this way preventing attacks using malware. It also regulates the type of data that can or can’t be sent to the computer.
Although you are traveling and busy, don’t forget to update your operating system and all apps in your tablet or smartphone before booking in. Please make sure you have antivirus and anti-malware software, which is also previously updated. Always ignore update offers which you haven’t ordered, when using hotel networks. Each website offering updating, other than provider’s site, can contain viruses or malware. Of course, you can use other devices to verify the security warnings.
Firewall can be configured in the way providing access only to a particular program. It should be also activated during using hotel networks. Additionally, each guest should become familiar with information provided by the producer and properly set firewall’s settings. Firewall allows us to have protection and to cut off an access of all programs which seem to be strange.
8 Hotel guests should update all information before booking in
Although you are traveling and busy, don’t forget to update your operating system and all apps in your tablet or smartphone before booking in. Please make sure you have antivirus and anti-malware software, which is also previously updated. Always
ignore update offers which you haven’t ordered, when using hotel networks. Each website offering updating, other than provider’s site, can contain viruses or malware. Of course, you can use other devices to verify the security warnings.
Finally, please remember that you have to be cautious using a hotel network. The best way is to save all sessions that concern financial transactions till the moment when you can connect to a protected network.

Przeczytaj ten artykuł w wersji polskiej:  http://www.businessmantoday.org/hotele-a-bezpieczenstwo-sieci-wifi/