Hotel Cyber Attacks: How to Avoid Them

A hotel is one of the most hazardous places to get hacked with cybercriminals just waiting for you to plug in and connect.

What are the ways travelers are hacked at their hotel rooms, and how can they protect themselves? Here’s what the cyber experts have to say.

Protect your Hotel Wi-Fi Connection

Every public Internet connection has an increased risk of being used by cybercriminals, and hotel Wi-Fi is no exception. Hackers can use a hotel’s Wi-Fi to steal travelers’ passwords and personal information in two ways. One is to connect to the hotel’s Wi-Fi and install malicious malware. The second is to create a so-called “evil twin” – a fake, unprotected Wi-Fi hotspot with an unsuspicious name like “Guest Wi-Fi” or “Free Hotel Wi-Fi” – and steal private information this way.

To avoid being hacked through hotel Wi-Fi, travelers must take a few steps. First, ask the person at the reception desk to give the exact name and password for the provided Wi-Fi to avoid connecting to an ‘evil twin’ network. Second, use a VPN service to encrypt your data and prevent third parties from intercepting it. Finally, it is always a good idea to enable a firewall while using public Wi-Fi.

Use a Socket Instead of a USB Charger

For the convenience of visitors, some hotels install USB charging ports in hotel rooms. This is a tempting way to charge a device, especially if the traveler is coming from a location with a different kind of plug. However, it may introduce the risk of becoming a victim of cybercriminals. Hackers can modify public places’ charging cables to install malware on phones to perform an attack called juice jacking. This type of attack allows hackers to steal users’ passwords, credit card information, address, name, and other data.

Safe device charging on your way to your vacation spot might be challenging because you must carry a power bank or USB data blocker, but hotel rooms always have a socket. Usually, it’s the safest way to charge your devices.

Don’t Let the TV Cyberstalk You

With an established connection to local Wi-Fi to allow travelers to access apps and streaming platforms, a smart TV can become a gateway for cybercriminals. Depending on the aim of intruders, a hacked smart TV could be used for a number of cybercrimes: from cyberstalking travelers with built-in microphones or cameras to stealing personal credentials used to log in to apps on smart TV and selling them on the dark web.

Cybersecurity experts advise keeping the smart TV unplugged from power sources when it’s not being used. Covering the webcam and avoiding logging in with personal credentials also mitigates cyber risks.

Disable Wi-Fi Auto Connections

Keeping the automatic connection function disabled helps to mitigate cybersecurity risks on a trip because devices may be surrounded by public and insecure Internet connections. Moreover, some travelers leave their smartphone in their hotel room and forget that even if they leave a device disconnected from Wi-Fi, it can automatically turn on, for example, after the hotel staff moves it while cleaning a room.

Disabling automatic connection is one solution to protect your device. The second is to enable auto-connection to security apps, such as firewalls or VPNs. This way, even if the device connects to Wi-Fi, it remains protected from cybercrimes.

Beware of Phishing Cyberattacks

Unfortunately, complete prevention of cyberattacks can be challenging, especially when it comes to  professional hackers aiming for high-value targets. One of the best-known examples is the cyberattack group DarkHotel, which has been known to compromise the Wi-Fi of luxury hotels by combining spear phishing, dangerous malware, and botnet automation designed to capture confidential data. Because the group seeks out only high-value targets — C-level executives, politicians, representatives from military-related organizations, and pharmaceutical company representatives — phishing emails are tailored to each target and are highly convincing.