Some hotels have apparently begun offering daytime room reservations, for those seeking to work from somewhere besides home during the pandemic.
The FBI has now issued a warning that those working in that manner may face extra risk of being hacked, and that they should be vigilant about protecting their devices and information while working on hotel Wi-Fi.
“The Federal Bureau of Investigation is issuing this announcement to encourage Americans to exercise caution when using hotel wireless networks (Wi-Fi) for telework,” a public service announcement issued Wednesday said. The threat, the note said, could come from either cybercriminals or “nation-state actors.”
“While this option may be appealing, accessing sensitive information from hotel Wi-Fi poses an increased security risk over home Wi-Fi networks,” the warning said. “Malicious actors can exploit inconsistent or lax hotel Wi-Fi security and guests’ security complacency to compromise the work and personal data of hotel guests. Following good cyber security practices can minimize some of the risks associated with using hotel Wi-Fi for telework.”
The report states that hotel Wi-Fi often has more lax security than other types of common Wi-Fi networks, and that attacks are frequently interested in obtaining guests’ information, including credit-card numbers, as well as business data. “Evil twin” attacks, in which hackers create fake Wi-Fi networks similar to those of the actual hotel, can also happen. There is also, per the FBI, not any type of industry standard when it comes to secure Wi-Fi access in hotels.
“Much of a hotel’s network infrastructure is entirely out of the control of the hotel guest. Guests generally have minimal visibility into both the physical location of wireless access points within the hotel and the age of networking equipment,” the warning said. “Old, outdated equipment is significantly more likely to possess vulnerabilities that criminal actors can exploit. Even if a hotel is using modern equipment, the guest has no way of knowing how frequently the hotel is updating the firmware of that equipment or whether the hotel has changed the equipment’s default passwords.”
The FBI did not say that any such specific attack has taken place targeted at people who working in hotels during the day as a result of the pandemic.
The bureau recommends that those working in hotels use a reputable Virtual Private Network (VPN), use their phone’s wireless hotspot rather than hotel Wi-Fi, and ensure that they have backed up important computer data prior to leaving for the hotel. They are also asked to abide by their employer’s security protocols.
The FBI, back in late August, had warned that home surveillance cameras such as Ring could tip off suspected criminals to raids by law enforcement.
Stephen Silver, a technology writer for The National Interest, is a journalist, essayist and film critic, who is also a contributor to Philly Voice, Philadelphia Weekly, the Jewish Telegraphic Agency, Living Life Fearless, Backstage magazine, Broad Street Review and Splice Today. The co-founder of the Philadelphia Film Critics Circle, Stephen lives in suburban Philadelphia with his wife and two sons. Follow him on Twitter at @StephenSilver.