We haven’t looked at the sorry state of hotel security for a while, but we have done articles on hotel locks, and hotel business center computers before. The Naked Security blog recently published a story about the Russian hacker collective known as Fancy Bear, and their involvement in the use of the leaked NSA exploit Eternal Blue to launch Advance Persistent Threat (APT) attacks against hotels. So far, this attack has been seen only in European hotels, but I am certain that we will see this spread to the Unites States (and the rest of the world) in due time.
This attack is usually launched with an email containing an infected Word document attachment, and is designed to stay hidden. The probable targets are high-value guests travelling for governmental or business reasons. Connecting to the hotel guest wireless or Ethernet connection will make you a potential victim of this exploit.
The way to stay safe is to do something that I find myself doing more frequently – BYOW or bring your own Wi-Fi. When given the choice between an unsecured but free public Internet connection, and my metered but secure Wifi from my smartphone, I go smartphone all the time.
Another good solution is to use a VPN any time you connect to any network that is not your home network or your business network. And considering the way APTs are showing up at home and the office, maybe you should use your VPN all the time.
I might as well give another plug to Rubica, the personal cybersecurity service I wrote about on August 16th. The VPN proxy service at the core of their offering, coupled with the machine learning and human cybersecurity operatives, will keep you out of harm’s way.
So basically, you can’t trust hotel door locks, the business center computer has more infections than the hotel whirlpool, and the guest network has probably been compromised. Have fun on your next trip!! And yes, I do travel for business and pleasure. I never leave anything in the room that I can’t live without, and I do not use the provided guest Internet service any more.
- Keyloggers Found on Many Hotel Business Center Computers
- Hotel Locks Easily Hacked
- Deviant Ollum YouTube Video – I’ll Let Myself In Go to 23:37 to see him pop a typical hotel door, watch the whole thing if you want to see him break into a varied of doors using things like canned air and whiskey.
- Fancy Bear bites hotel networks as EternalBlue mystery deepens
- Need a Personal Cyber Security Staff? Rubica May Be the Answer