• 07948 570815
  • This email address is being protected from spambots. You need JavaScript enabled to view it.
Free hotel wi-fi can be risky!

Free hotel wi-fi can be risky!

You’ve just arrived at the hotel after a delayed flight and then you remember that you’ve forgotten to pay last month’s credit card bill, and there will be an interest charge if you wait until you return.

But that's not a problem you can do it online and help is at hand. The receptionist is welcoming and helpful. They have wi-fi and it’s free. Relieved, you ask for the password. “Oh, you don’t need one,” he replies. “Just type in your room number and click the box.”

But, hold on, surely that helpful receptionist would not knowingly offer a dangerous service. Also, they find digital technology baffling and intimidating. And they cannot imagine why anything they do online might be of interest to anyone.

However the cynic may think can free wifi networks be trusted? The cynic is right to be wary.

Hotel chains have become a coveted target of hackers. Many of the industry’s biggest operators have reported data breaches in recent years, including big names such as Hilton, InterContinental, Marriott and Hyatt. Most of these attacks, according to Bloomberg, are focused on the property management systems (PMS) used by hotel chains to take reservations, issue room keys and store credit card data.

The Bloomberg report, written by Patrick Clark, was based on the exploits of a team of “white hat” hackers, employed to test the security of a particular system. After plugging the internet cable from a bedroom’s smart TV into a laptop they got into the hotel’s PMS, which led to the chain owner’s corporate system. In doing so they gained access to credit card information for several years’ worth of transactions in dozens of hotels. And if they had been crooks the team could have sold the information on the black market, where a Visa card with a high credit limit can fetch up to £16.

Why are hotels such tempting targets? Partly because their systems are easy to penetrate, technically. “Hospitality companies,” writes Clark, “long saw technology as antithetical to the human touch that represented good service. The industry’s admirable habit of promoting from the bottom up means it’s not uncommon to find IT executives who started their careers toting luggage. Former bellboys might understand how a hotel works better than a software engineer, but that doesn’t mean they understand network architecture.”


The vulnerability is also a reflection of an occupational culture. After all, the hotel business is about welcoming guests and trying to anticipate – and satisfy – their needs. Nowadays, everybody expects to have free wi-fi, so why not give them that in the most hassle-free way imaginable? No messing with passwords and cumbersome log-in procedures; just type in the room number and click “OK”. From a hacker’s perspective, therefore, the hospitality industry looks like a prime opportunity: easy pickings from hotels’ booking records, plus juicy items of personal information from using insecure wi-fi networks.

In the meantime, what can travelling holidaymakers do to protect themselves? The short answer is to invest in – and install – virtual private network (VPN) software on any device that travels with you. A VPN functions as an encrypted tunnel to a special server located somewhere on the internet. If you connect to the Observer through a VPN, for example, then the VPN server connects to the paper on your behalf. And because all the traffic is encrypted it’s gobbledegook to any snooper, which means that you can safely use hotel (and cafe) wifi networks wherever you go.


More From Our Blog