Warning: free hotel wifi is a hacker’s dream (alleged)

Warning: free hotel wifi is a hacker’s dream (alleged) - Child Walking on Grass Path

Is this article correct? A little bit? A lot? Or is it all bollox?

Sure using public or near-public wifi (internet cafe or hotel) you should expect your browsing history to be visible to the world, but ...

Specifically three questions:

  • Does the hotel's wifi asking for a password make any difference to the visibility of your internet traffic? (A guest/hacker in another room would also get that password and could detect your traffic.)

  • If you log into your bank over hotel wifi, that's encrypted. (Presuming your bank's site is https://... -- and if it isn't, change your bank.) Sure a hacker could see that there's traffic, but couldn't crack it to get your banking password(?)

  • Hackers getting into hotel's admin systems and stealing guests' credit card details is indeed a problem. But that's nothing to do with hotel wi-fi. You're just as likely to get your card number pwned, whether or not you used the wi-fi, whether or not you used a VPN. The hackers are probably in another country, connecting to the hotel chain's HQ systems, and not via any specific hotel at all(?)



Best Answer

Does the hotel's wifi asking for a password make any difference to the visibility of your internet traffic? (A guest/hacker in another room would also get that password and could detect your traffic.)

This depends - is the password entered via a captured portal (do you get redirected to a payment or login screen when you try to browse) or when you select the network in your network settings and enter a wifi key?

If the former, then the network is essentially open to all, and only the internet route is blocked for payment or authorised users. In this case, wifi packets can be sniffed easily enough.

If the latter, generally you are safe, as there is encryption inplace between you and the router.

If you log into your bank over hotel wifi, that's encrypted. (Presuming your bank's site is https://... -- and if it isn't, change your bank.) Sure a hacker could see that there's traffic, but couldn't crack it to get your banking password(?)

Yup, HTTPS is secure enough - there are situations where HTTPS can be mitigated by a network provider, but they generally apply only if there is ever a situation where the network provider gets to install something on your computer - you should never accept this, as they can install a root certificate of their own and then man-in-the-middle all of your traffic on that network.

Your third question isn't really a question at all.

Also note that you aren't safe from attack if you use the Ethernet cable connection often provided in hotel rooms - network routers can often be forced into promiscuous mode, allowing anyone on the network to receive all your traffic.




Pictures about "Warning: free hotel wifi is a hacker’s dream (alleged)"

Warning: free hotel wifi is a hacker’s dream (alleged) - Young woman smoking while resting on poolside
Warning: free hotel wifi is a hacker’s dream (alleged) - Grayscale Photography Manikineko
Warning: free hotel wifi is a hacker’s dream (alleged) - Picturesque scenery of tropical resort with cozy blue umbrellas on outside terrace amidst exotic palms during picturesque sunset



Can a hotel see what you do on WiFi?

While your hotel's management usually won't be able to see the contents of your communications, they can easily find out what websites you visit and how much time you spend browsing the Internet.

Can hotel WiFi be hacked?

A key method of access used by intruders is delivered by hotel wifi systems. If a hacker can create a fake wifi hotspot, it can attract hotel guests to connect to it. Many of the visitors may carry out inconsequential activities while connected to the data gathering hacker wifi hotspot.

Is free hotel WiFi safe?

As with airport Wi-Fi, hotel Wi-Fi hotspots are not always secure \u2014 even with a password. After all, hotels specialize in hospitality, not information security. There's no guarantee that the person who set up the hotel's Wi-Fi network turned on all the security features.

Can hotel Free WiFi see what you search?

The truth is hotel WiFi has never been safe by any means, and all the sensitive information that you transmit using it, for example, your credit card details, can easily be tracked. The same can happen to the history of your online searches as, technically, your hotel's WiFi admin can also see your Internet history.



Hack Hotel, Airplane \u0026 Coffee Shop Hotspots for Free Wi-Fi with MAC Spoofing [Tutorial]




More answers regarding warning: free hotel wifi is a hacker’s dream (alleged)

Answer 2

If the wifi is unsecured, it means that all data is sent as-is without encryption over the air between your device and the access point. Anyone can sniff the traffic, and see exactly what's going there. Using secure connection (e.g. HTTPS), then the data is encrypted and essentially secure, although the source and target IP addresses are not, since it's still run over plain TCP/IP.

On a secured wifi, even though everyone has the same password, cracking it is not quite as straightforward. Connecting to the network will be done through a handshake, where each connection gets its own encryption key -- all data sent over the air between your device and the access point will be encrypted with this key. Of course, some wifi encryption methods are easier to crack than others, so it's still advisable to use HTTPS and other secure protocols on top of it.

Also, just requiring to input a password does not necessarily means the wifi is secure. Quite often you will just need to login to a proxy server to let you access the internet, while the wifi itself is unsecured.

Sources: Stack Exchange - This article follows the attribution requirements of Stack Exchange and is licensed under CC BY-SA 3.0.

Images: Oleksandr Pidvalnyi, Helena Lopes, NOHK, Luis Quintero