The Cybersecurity company NordVPN is warning hotel rooms are one of the riskiest places for your data on holiday, and tourists need to be aware of the ‘evil twin’ Wi-Fi connections that can be used to steal their passwords and personal information.
As British holidaymakers prepare for their summer getaways, they need to be on their guard in hotel rooms, which are some of the riskiest places for your data. Although many will focus on the weather and beautiful surroundings, most will be blissfully unaware of the fraudsters, who set up fake ‘evil twin’ Wi-Fi connections to steal passwords and modify USB ports to grab data. It is an infamous technique known as ‘juice jacking’.
Adrianus Warmenhoven, a cybersecurity expert at NordVPN, said, “You don’t need to be at home or the office for your data to be stolen – cybercriminals don’t take a holiday and will happily break into your phone at your hotel.
“Hackers can use a hotel’s cybersecurity vulnerabilities in several ways to reach you – even in your room. While you’re on vacation and away from your home internet connection, you should be cautious and manage cybersecurity risks.”
Below are five ways travellers can be hacked in their hotel rooms and some advice on how to keep your guard up while letting your hair down.
Hotel Wi-Fi: Protect your connection
Every public internet connection has an increased risk of being used by cybercriminals, and hotel Wi-Fi is no exception.
Hackers can use a hotel’s Wi-Fi to steal travellers’ passwords and personal information in two ways. One is to connect to the hotel’s Wi-Fi and install malicious malware. The second is to create a so-called “evil twin” – a fake, unprotected Wi-Fi hotspot with an unsuspicious name like “Guest Wi-Fi” or “Free Hotel Wi-Fi” – and steal private information this way.
Warmenhoven said, “To avoid being hacked through hotel Wi-Fi, travellers must take a few steps. First, ask the person at the reception desk to give the exact name and password for the provided Wi-Fi to avoid connecting to an ‘evil twin’ network. Second, use a VPN service to encrypt your data and prevent third parties from intercepting it. Finally, it is always a good idea to enable a firewall while using public Wi-Fi.”
USB charger: Use a socket instead
For the convenience of visitors, some hotels install USB charging ports in hotel rooms. It is a tempting way to charge a device, especially if the traveller comes from a location with a different plug type.
However, it may introduce the risk of becoming a victim of cybercriminals. Hackers can modify public places’ charging cables to install malware on phones to perform an attack called juice jacking.
This type of attack allows hackers to steal users’ passwords, credit card information, address, name, and other data.
Warmenhoven said, “Safe device charging on your way to your vacation spot might be challenging because you must carry a power bank or USB data blocker, but hotel rooms always have a socket. Usually, it’s the safest way to charge your devices.
Smart TV: Stop TV from Cyberstalking
With an established connection to local Wi-Fi to allow travellers to access apps and streaming platforms, a smart TV can become a gateway for cybercriminals.
A hacked smart TV could be used for cyberstalking travellers with built-in microphones or cameras or stealing personal credentials used to log in to apps on smart TV and sell them on the dark web.
Keep the smart TV unplugged from power sources when it’s not being used. Covering the webcam and avoiding logging in with personal credentials also mitigates cyber risks.
Automatic connections: Disable auto-connections to Wi-Fi, enable security app
Keeping the automatic connection function disabled helps to mitigate cybersecurity risks on a trip because devices may be surrounded by public and insecure internet connections. Moreover, some travellers leave their smartphone in their hotel room and forget that even if they leave a device disconnected from Wi-Fi, it can automatically turn on, for example, after the hotel staff moves it while cleaning a room.
Disabling automatic connection is one solution to protect your device. The second is to enable auto-connection to security apps, such as firewalls or VPNs. This way, even if the device connects to Wi-Fi, it remains protected from cybercrimes.
Phishing attacks: Be attentive
Unfortunately, complete prevention of cyberattacks can be challenging, especially when it comes to professional hackers aiming for high-value targets.
The cyber-attack group DarkHotel has been known to compromise the Wi-Fi of luxury hotels by combining spear phishing, dangerous malware, and botnet automation designed to capture confidential data. Because the group seeks out only high-value targets — C-level executives, politicians, representatives from military-related organisations, and pharmaceutical company representatives — phishing emails are tailored to each target and are highly convincing.
Warmenhoven said, “Effective protection from sophisticated cyberattacks is possible by using trusted VPN and internet security apps as well as regularly updating software. Nevertheless, travellers should always be aware of phishing attacks: Verify the authenticity of suspicious emails and executable files and pay attention to odd spelling. These habits remain valuable during vacation and when you return to the office.”
Read more travel guides, news, reviews and features here.