The FBI has issued a warning about the rise of individuals using hotel Wi-Fi networks for remote work. Cyberattackers may exploit the inconsistent security protocols employed by hotel networks in order to gain access to sensitive information.
Unlike with home Wi-Fi networks, users of hotel networks often have little influence over security, allowing cybercriminals to monitor their browsing activity or redirect them to false login pages. Another exploit that is sometimes employed is a so-called “evil twin attack,” whereby a malicious network is set up with a similar name to the genuine one, tricking hotel guests into mistakenly granting criminals access to their devices.
Unfortunately, many hotels place convenience above security. This means that, often, there is a single password for all guests, which may be posted openly for all to see at the front desk.
Convenient but risky
With more and more employees being encouraged to work remotely as a result of COVID-19, some members of staff are instead opting to work from a hotel in order to avoid distraction. Some hotels are even offering daytime rates to meet this need – but this can place personal and corporate data at risk.
“Much of a hotel’s network infrastructure is entirely out of the control of the hotel guest,” the FBI’s Public Service Announcement read. “Guests generally have minimal visibility into both the physical location of wireless access points within the hotel and the age of networking equipment. Old, outdated equipment is significantly more likely to possess vulnerabilities that criminal actors can exploit.”
If individuals have chosen to use a hotel network for remote work, there are various steps they can take to lower their security risks. These include using a VPN, making sure they are running the most up-to-date security software and enabling login notifications.