Beware the Siren Call of Hotel WiFi

By Robert McGarvey




What part of hotel WiFi is dangerous to your data don’t you understand?

I ask because, according to a new report from the Global Business Travel Association (GBTA), 64 to 69% of you say you would book a room directly with a hotel for free WiFi.

That stuns me.

I get why 35% of business travelers in that survey say they want more outlets in rooms – I certainly do and I find it mind boggling that it is 20 years now that I have had to rearrange hotel room furniture on check in just to find enough outlets. At least nowadays I don’t carry a powerbar with me, something I routinely packed in the 1990s. Hotels have made progress but not nearly enough

But color me also curious why 32% of business travelers want inroom chargers for phones and laptops – I suppose they have never heard of “juice jacking.”  Read about it and you will never again use those charging kiosks at airports (I never have, never will) and I doubt you will use such tools even in a hotel room.  The risks are too high.

Which brings us back to the siren call of free hotel WiFi.

You’ll recall that in the Odyssey, Odysseus had his crew tie him to the mast so that he could safely ignore the call of the Sirens – who enticed sailors into shipwrecks and drowning.  Odysseus steeled himself to sail right by.

Do likewise my friends, when it comes to hotel WiFi.

If you absorb nothing else from me, remember these two realities:  Never, ever use a credit card at a hotel restaurant, bar or gift shop is number one and that is because a month does not go by when there isn’t another reported hotel data breach and the real question is how many are ongoing but have yet to be discovered by the hoteliers?

It just is dangerous to use plastic at hotels – although, so far, reservation systems appear not to have been compromised.

Hotels have however had epidemic issues with compromise of their loyalty programs and also their restaurants, bars and gift shops.

If you must use the latter, pay with cash, or sign the purchases over to your room. You’ll probably be safe. Just don’t use a credit and definitely not a debit card because – these days – you have to assume there’s a good chance the system has already been breached.

Hotels just don’t put enough – or the right – emphasis on data security.

Which brings us back to the second lesson and that is the pervasive dangers of hotel WiFi. For at last a decade, information security experts have warned that public WiFi in general and hotel WiFi in particular are playgrounds for hackers.  Packet sniffing technologies make it easy – even for the technically unsophisticated – to scoop up posts on public WiFi networks.

Don’t think it doesn’t happen. It definitely does.

The cure? Do as I do and – whenever doing anything remotely sensitive in a hotel room (banking, for instance) – I create a hotspot with my cellphone and use it to power the connection. There’s a reason I am paying for 6GB of data on T-Mobile and the same amount on Project Fi and it’s not because I stream college football games on ESPN.

It’s because I prefer the safety in creating my own hotspot.

Should you never use inroom WiFi? Sure, use it to stream that ESPN game, to watch YouTube Ted Talks, to play blackjack – however you fill down time on the road.  Read newspapers online too. Just avoid sites where you sign in with a username and password – because you don’t want a hacker to grab those credentials and work mischief with them.

Another option: use a VPN when on hotel WiFi.  That will probably cost you a few shekels and it may slow your connections – VPNs usually do – but a VPN encrypts data and that probably will be enough to thwart hackers and data sniffers. This way, you get the free WiFi access but the VPN gives you a measure of protection.

Bottomline: assume hotel WiFi is hacked.  

Is it always? Of course not.  

But it’s porous enough of the time that the security savvy know to avoid it.

Do likewise.

Or at least take steps – such as VPN – to protect yourself.


2 thoughts on “Beware the Siren Call of Hotel WiFi”

  1. Doesn’t most banking sites use https?
    In what way is that different from using a VPN?
    Are we providing useful information or just scaring readers

Leave a Reply

Your email address will not be published. Required fields are marked *