VWould you like to take a quick look at your e-mails on the go, check your account balance or even make a transfer or two? No problem, there are plenty of mobile phone apps that make this very easy. So that there are no extra costs from abroad, especially for long-distance trips, it is advisable to use the free hotel WLAN.
It is therefore not surprising that in a 2017 survey by the online data provider Statista about the most important hotel services, access to the internet was at the top of the list, well ahead of parking spaces and other extras: WiFi is essential for 80 percent of all travellers. Just as many should then use it.
Once you arrive in your room, the WLAN is quickly set up: you select the right network, with a bit of luck you don’t even need a password, and you’re good to go. You can usually tell which network is the right one by looking at the name: “Hotel”, “Guest” are classic variants – and very few guests bother to check this name again.
Cyber criminals know this too. For them, all they need to do is set up their own WiFi hotspot near the hotel and give it a plausible name. Everything else is child’s play: from e-mail log-in to bank passwords, everything can now be tracked – and of course misused. They may also use the connection to install malware or redirect the guest to phishing sites.
Hotel servers are also hacked
An indication that you have landed on such a fake page can be the message “Authentication failed”. After the attacker has received the login data, he now redirects to the correct page, where the login naturally works again.
This method is also popular at airports and in restaurants. A look at the hotel software itself shows that cyber security is not the best in hotels, because it is not always as secure as a customer would like it to be: On November 30, 2018, the Starwood hotel group published a subsidiary of the Marriott group, which includes the Westin, Sheraton, Le Méridien, St. Regis and W hotels brands, that an incredible 339 million customer records had been stolen: credit card number, card expiry date, date of birth, telephone and ID numbers, reservation data – in short, everything you need to really mess around with the data.
Water sports – and post the photos of it on social media right away
Quelle: picture alliance / ZUMAPRESS.com
And not only that: the gap remained undiscovered for almost four years! Incidentally, the fact that Marriott and Starwood were affected is rather coincidental – Hyatt, Hilton, Radisson and Intercontinental were also affected in the past, to name just a few – because the security problems are typical of the industry: where many companies, i.e. the hotels in a chain work together are naturally not always maintained equally well and not always all at the same technical level.
The so-called Property Management System PMS is the classic gateway. This is where bookings are made, credit card details are saved and keys are issued. The PMS are often outdated and therefore vulnerable. With a bit of luck there will be a connection from the PMS to the network (corporate system) of the hotel chain. It’s no wonder that the hotel industry is affected by cyber attacks more often than average.
One in eleven has already been a victim
Unfortunately, as a guest, you cannot avoid leaving your personal data, without a name and credit card there is no check-in. And even during the stay there is more data: Watched three sleazy films and paid for them? Is of course in the system, just like the taxi order and the departure date.
Incidentally, such security problems are not uncommon: According to the 2019 Hospitality Guest Cybersecurity Threat Index by the cybersecurity company Morphisec, nine percent of the travelers surveyed stated that they had already been the victim of a cyber attack or a data leak in the hotel. The tendency to regulate room access via face recognition, as is already being implemented in some cases in Japan and China, is downright frightening under these circumstances.
A lot can be done via the airport WLAN
Quelle: picture alliance / ROBIN UTRECHT
Tips for more data security in the hotel
There are simple but effective methods against data theft through the wrong WLAN: Take a close look to see whether you are dealing with the right WLAN – and conduct banking transactions via a mobile roaming connection. At least within the EU, this is no longer a cost factor, but it is safe.
Anyone who absolutely wants to do banking while traveling or uses other security-related apps is also well served outside of Europe with a portable WLAN, with which a secure connection can also be established. Alternatively, you can also connect via a VPN tunnel, although you should load the software onto your cell phone when you are at home.
The text is a chapter from the recently published book “What you thought you never wanted to know about traveling” by Françoise Hauser, Conbook Verlag, 256 pages, 9.95 euros.
Source: Conbook Verlag