Imagine that you were on a trip or a business meeting and you urgently have to check up on an email.
What will you do?
I know many of you will say that you will instantly connect to your hotel Wi-Fi network and start accessing the data you need.
Well, it is true that with the advancement of everything, hotels, café and even airports have started providing free public Wi-Fi hotspots to their customers.
But wait, do you really think these publicly available Wi-Fi hotspots are safe enough to be trusted?
Is public hotel Wi-Fi safe?
Let’s find out the truth!
Is public hotel Wi-Fi safe?
No, a public hotel Wi-Fi is not a safe option when you want to check up on an important email or sign in to any site that requires your credentials.
Now you will ask why?
Well, to answer this simple question, can you tell me what are Hotels exactly known for?
So, if the USP of the hotel is hospitality and not cyber security, then how can you be so sure that the data traveling through this publicly available Wi-Fi is 100% safe!
No doubt, there is a team dedicated to the cyber security part, but they are contract-based. Plus, when the router company releases security patch updates for its router, it may take some time for the hotel folks to implement.
Moreover, according to a report penned by Eero.com, in the summer of 2017, a ring of Russian hackers had deployed a Wi-fi attack, where they used a powerful tool leaked from the NSA called Eternal Blue, to spy upon the guests through the hotel’s Wi-Fi. Even these attacks were reported to be politically motivated and were carried out to capture the information of business and government travelers.
So, it is better to stay away from these publicly available hotel Wi-Fi as long as you can.
Which cyber-attacks can be carried out using public hotel Wi-Fi?
After getting a crisp and clear answer to the main query, I hope it must have surely given you a clear idea of why a public hotel Wi-Fi isn’t a safe bet.
However, for your better understanding, I have penned down a list of cyber-attacks that can be carried out using public hotel Wi-Fi.
A man-in-the-middle attack is one of the most common type of cyber-attack that can be caused by using public Wi-Fi.
As the name suggests, it is the man (cyber-criminal) in the middle of a server and a client.
Meaning, that whenever you pass any kind of information on such a compromised connection, the data passes through the hacker, who can alter things as per his will.
Moreover, he/she can also change or add some elements on the website, that can help him/her deploy malware inside the victim’s device.
A compromised router can vacuum up a lot of personal data like your username, messages, passwords, etc.
Even a hacker can easily reset your passwords and gain access to your accounts, which in turn can lead you to a great deal of trouble.
The second type of cyber security attack carried out on a hotel Wi-Fi is Eavesdropping.
Now, for those of you who don’t know what is eavesdropping, let me explain it to you real quick.
An eavesdropping attack is a type of cyber security attack where an attacker obtains sensitive confidential information including session tokens and keystrokes by sniffing through a Wi-Fi connection.
Eavesdropping is classified into two categories; (1) Passive, and (2) Active
In a passive eavesdropping attack, the attacker simply monitors the communication without interfering with the communication channel.
It helps an attacker to watch over the decrypted Wi-Fi session, read the data that is transmitted during the session, and indirectly gather information through a session package survey.
Not just this, it is way more difficult to detect the passive type of eavesdropping, as it does not produce any noticeable effect.
While, in active eavesdropping, the attacker not only actively monitors the communication but also interferes with the communication channel.
Traffic analysis attacks:
The traffic analysis attack is used to find out the type of information that is being exchanged through a hotel Wi-Fi network.
Plus, this type of attack can be easily performed even if your messages are in an encrypted form.
A DDOS attack is carried out by the attackers on the Wi-Fi network to cause normal or extreme interference with the network, which results in slow internet speed.
The attacker usually launches this type of attack on Wi-Fi on a temporary or permanent basis.
Proper configuration of a firewall in the form of hardware or software, is essential to protect Wi-Fi from such attacks.
The dictionary-building attack is carried out by an attacker who already knows the traffic of the target hotel’s Wi-Fi network.
To initiate this attack, an attacker goes through a list of candid passwords, which may consist of words from the dictionary or words related to victims.
Replay attacks are performed by attackers to obtain unauthorized access to a computer or a network by replaying the authorized expired sessions and then collecting information about it.
Moreover, as these replays do not take place in real-time, the victims of replay attacks remain unaware or uninformed about the attack.
While you are connected to a public hotel Wi-Fi, a hacker can easily use it to show you some random but alluring ads on your screen, that you might get tempted to click on.
Thus, allowing the attacker to break into your device, and install some of the most dangerous malware software like; viruses, adware, ransomware, trojan horses, and worms.
Side jacking (Session Hijacking):
Side jacking – also known as Session Hijacking is carried out by obtaining the information (session ID) via packet sniffing and then masquerading as the authorized user.
Moreover, instead of using this data retroactively, the hacker uses it in real-time and in a real location.
It also bypasses some level of encryption, which is even worse.
This type of cyber-attack can be carried out by hijacking the CCTV cameras that are inside and around the hotel premises through a vulnerable public Wi-Fi network.
A hacker then tries to peep into your login credentials or important information with the help of those compromised CCTV cameras.
Thus, causing great harm to that particular user’s privacy.
Evil twin attack:
A hacker carries out this type of cyber-attack by creating an identical-looking Wi-Fi hotspot with the help of their smartphone or portable Wi-Fi hotspot devices.
Now, when an innocent user joins this kind of Wi-Fi network and starts sharing his information through it, the information directly goes to the hacker, who can use it for his own personal gain.
How to tackle the risks associated with public Wi-Fi?
Now that we have discussed the type of cyber-attacks that can be carried out using public hotel Wi-Fi, we shall move forward, and see how to tackle and minimize the risk.
Use a VPN:
First and foremost, always make it a habit to use a VPN when you feel like connecting to the internet.
A VPN will encrypt your entire internet traffic while sending it safely to the other end.
Moreover, it will also keep away those hackers and government agencies who are trying to snoop around your personal data.
Confirm the SSID of the hotel:
Secondly, whenever you are at a hotel and want to connect to the hotel Wi-Fi, make sure you ask the administrator about the correct SSID name so that you don’t get trapped inside the fake Wi-Fi hotspot created by a hacker.
Turn off the auto-connect feature:
Our device has this unique feature that allows it to instantly connect to the nearest available Wi-Fi network or Bluetooth connection.
But, many times, this specific feature can land us into a problem, allowing the hacker to gain access to our devices through Bluetooth or Wi-Fi.
Therefore, it is better to turn this feature off from the settings menu.
Keep the firewall enabled:
A firewall is a one-stop solution to protect your device from unwanted visitors.
A firewall investigates incoming as well as outgoing traffic and blocks the ones that seem suspicious.
And therefore, keeping a firewall enabled on your device can help you block out compromised internet traffic over public Wi-Fi.
Turn off the file-sharing feature:
Many devices now come with this unique feature that allows users to share files with other users over the internet, which is very much handier than attaching it to an email.
However, this feature can be used by hackers to push a malicious file into your device.
Therefore, it is better to turn off this feature when not in use.
Install anti-virus software:
No matter what, always install antivirus software on your device because it will protect your device from any kind of malware attack.
Not to forget, there are many antivirus software out there in the market that come with a preloaded firewall system.
So, for you, the user, it is a win-win situation
Don’t forget to enable the 2FA for your banking as well as sensitive websites.
Two-factor authentication will give your online account an additional layer of security, which means no hacker can get past the second layer without answering the security question or entering the code sent to your device.
Try using your mobile hotspot:
I know this will sound absurd while we are talking about hotel Wi-Fi hotspots, but believe me, mobile hotspots are your safest alternative to connect to the internet.
A mobile hotspot cannot be compromised at all, because it is your personal asset, and no one, except you, has access to it (well in many cases).
Therefore, try using your mobile hotspot, if you feel like the public hotel Wi-Fi is not safe at the moment.
You can also try using the portable hotspots available in the market.
Never share any sensitive kind of information, whether it be your social media credentials or your bank login details over a public hotel Wi-Fi.
In fact, avoid accessing such sites when you don’t have your own protected internet network.
Always log out after every session:
No matter what site you are surfing on the internet, always log out after every session to avoid hackers gaining access to your accounts.
I have seen many people who don’t want to remember the login credentials of their social media sites, but this habit can cause havoc if your mobile or PC gets hacked in near future.
Change your passwords before and after traveling:
This is one of the best things you can do to protect your device or data from getting compromised.
Changing your passwords will not only update the security of your account but will also minimize or say nullify the chances of a hacker guessing your password.
Keep your device updated:
Software updates are released for a reason, and therefore, always try to install updates when available.
Updates will not only give your device a clean and new look but will also patch up the bugs that were on the previous OS.
Avoid accessing sites that require your authentication:
Want to access your banking or favorite e-commerce website while on the go?
Well, don’t even think about logging via a public hotel Wi-Fi, because you know how hackers are. Instead, use a mobile hotspot or other secure option.
Always use an HTTPS website:
This is something that every individual should remember, and only access a website if it has an HTTPS protocol.
Because the non-SSL-certified websites are riskier than you think. HTTP websites are the soft target of a hacker, thus leaving you open to endless vulnerabilities.
Lastly, nothing of the mentioned above will work if you are non-attentive to whatever is happening around you.
So, if your gut is telling you that someone is following or spying on you, believe it and then take precautionary measures accordingly.
You can also follow this Infographic guide to protect your data on public wifi.
Final Remarks on “Is public hotel Wi-Fi safe?”
With everything getting back to normal, people have again started visiting places, booking hotels, and using public hotel Wi-Fi to stay online.
However, after this long discussion, it is very much clear that public hotel Wi-Fi’s not a safe option even in the year 2022.
And therefore, I recommend you to stay away from these kinds of Wi-Fi networks.
But by any chance, if you have to, then just follow the precautionary measures mentioned in the article, and you are good to go.