As British holidaymakers prepare for the summer they need to be on their guard in hotel rooms, which are some of the riskiest places for your data, warns cybersecurity company NordVPN.
Fraudsters will set up fake ‘evil twin’ Wi-Fi connections to steal passwords, and modify USB ports to grab data with a technique called ‘juice jacking’.
NordVPN’s cybersecurity expert Adrianus Warmenhoven said: “You don’t need to be at home or the office for your data to be stolen – cybercriminals don’t take a holiday and will happily break into your phone at your hotel
“Hackers can use a hotel’s cybersecurity vulnerabilities in several ways to reach you – even in your room. While you’re on vacation and away from your home internet connection, you should be cautious and manage cybersecurity risks.”
Here are five ways travellers can be hacked in their hotel rooms, and some advice on how to keep your guard up while letting your hair down .
Hotel Wi-Fi: Protect your connection
Every public internet connection has an increased risk of being used by cybercriminals, and hotel Wi-Fi is no exception.
Hackers can use a hotel’s Wi-Fi to steal travellers’ passwords and personal information in two ways. One is to connect to the hotel’s Wi-Fi and install malicious malware. The second is to create a so-called “evil twin” – a fake, unprotected Wi-Fi hotspot with an unsuspicious name like “Guest Wi-Fi” or “Free Hotel Wi-Fi” – and steal private information this way.
Warmenhoven said: “To avoid being hacked through hotel Wi-Fi, travellers must take a few steps. First, ask the person at the reception desk to give the exact name and password for the provided Wi-Fi to avoid connecting to an ‘evil twin’ network. Second, use a VPN service to encrypt your data and prevent third parties from intercepting it. Finally, it is always a good idea to enable a firewall while using public Wi-Fi.
USB charger: Use a socket instead
For the convenience of visitors, some hotels install USB charging ports in hotel rooms. This is a tempting way to charge a device, especially if the traveller is coming from a location with a different kind of plug.
However, it may introduce the risk of becoming a victim of cybercriminals. Hackers can modify public places’ charging cables to install malware on phones to perform an attack called juice jacking. This type of attack allows hackers to steal users’ passwords, credit card information, address, name, and other data.
Warmenhoven said: “Safe device charging on your way to your vacation spot might be challenging because you must carry a power bank or USB data blocker, but hotel rooms always have a socket. Usually, it’s the safest way to charge your devices.
Smart TV: Stop TV from cyberstalking
With an established connection to local Wi-Fi to allow travellers to access apps and streaming platforms, a smart TV can become a gateway for cybercriminals.
A hacked smart TV could be used for cyberstalking travellers with built-in microphones or cameras, or stealing personal credentials used to log in to apps on smart TV and selling them on the dark web
Keep the smart TV unplugged from power sources when it’s not being used. Covering the webcam and avoiding logging in with personal credentials also mitigates cyber risks.
Automatic connections: Disable auto-connections to Wi-Fi, enable security app
Keeping the automatic connection function disabled helps to mitigate cybersecurity risks on a trip because devices may be surrounded by public and insecure internet connections. Moreover, some travellers leave their smartphone in their hotel room and forget that even if they leave a device disconnected from Wi-Fi, it can automatically turn on, for example, after the hotel staff moves it while cleaning a room.
Disabling automatic connection is one solution to protect your device. The second is to enable auto-connection to security apps, such as firewalls or VPNs. This way, even if the device connects to Wi-Fi, it remains protected from cybercrimes
Phishing attacks: Be attentive
Unfortunately, complete prevention of cyberattacks can be challenging, especially when it comes to professional hackers aiming for high-value targets.
The cyber-attack group DarkHotel has been known to compromise the Wi-Fi of luxury hotels by combining spear phishing, dangerous malware, and botnet automation designed to capture confidential data. Because the group seeks out only high-value targets — C-level executives, politicians, representatives from military-related organisations, and pharmaceutical company representatives — phishing emails are tailored to each target and are highly convincing.
Warmenhoven said: “Effective protection from sophisticated cyberattacks is possible by using trusted VPN and internet security apps as well as regularly updating software. Nevertheless, travellers should always be aware of phishing attacks: Verify the authenticity of suspicious emails and executable files and pay attention to odd spelling. These habits remain valuable during vacation as well as when you return to the office.”
