Share

How hackers exploit hotel Wi-Fi

accreditation
Hackers employ strategies to gain access to personal information. (Duncan Alfreds, Fin24)
Hackers employ strategies to gain access to personal information. (Duncan Alfreds, Fin24)

Johannesburg - Poorly secured Wi-Fi networks at hotels are spurring on cyber criminals to swoop in and steal guests’ private information, warns PricewaterhouseCoopers (PwC).

The security of guest information and operational technology has emerged as a business risk for the hotel industry, according to PwC’s Hospitality Outlook 2015-2019.

“For business travellers, access to fast and low-cost internet is a must have. But these Wi- Fi connections are not always secure. And that is a security gap that cyber criminals are making use of,” says Nikki Forster, hospitality industry leader for PwC, Southern Africa.

PwC says cyber criminals are targeting hotel networks and infecting computers with an aim to steal personal information of guests.

Techniques that hotel hackers use range from the mathematical to crypto-analytical, says PwC.

“This is usually done by hackers waiting for guests to check in and log on to the hotel Wi-Fi by usually submitting their room number and surname,” says Veneta Eftychis, senior manager, PwC hospitality and gaming industry.

“Thereafter the hotel guest gets tricked into downloading and installing a so-called backdoor file, which pretends to be an update for legitimate software, such as the Google Toolbar or Adobe Flash.”

PwC explains that unsuspecting guests could risk downloading this hotel ‘welcome package’ only to infect their machines with spyware.

The likes of key logger malware could then find its way onto a guest’s computer, possibly resulting in hackers snooping on login credentials or private information.

PwC’s Eftychis says some hackers even appear to know the names, arrival and departure times, and room numbers of hotel guests in these attacks.

The hotel hackers also typically delete their tools from the network and go back into hiding afterwards, notes PwC.

One such group dubbed ‘DarkHotel’ group is said to have been active for the past four years and targets high profile guests in free Wi-Fi zones.

Meanwhile, South African hotels were also targeted by fraudsters in 2012 and 2013 who used malware known as Dexter. The malware skimmed and transmitted credit cards’ magnetic-strip information, allowing clones to be made.

Tips for hotels and their guests

Safeguards that hotel guests can employ to protect themselves range from ensuring they have the latest antivirus installed to not updating software or opening files on untrusted networks.

PwC’s Eftychis also advises that hotel guests use a virtual private network (VPN) to establish an encrypted communication channel when accessing hotel Wi-Fi.

In addition, hotels can also do more to protect their networks by implementing up-to-date prevention and risk management practices.

Theft by employees should also be accounted by hotels as food and beverage servers can use small devices - hidden in pockets - to swipe customer credit cards and steal this data.

Hotels should also make sure that responsibility for data security is part of the chief information officer or chief security officer’s responsibilities.

A risk assessment of hotel Wi-Fi networks should also be conducted, says Eftychis.

“Unfortunately cyber criminals are getting faster and more sophisticated – to stem the tide hotels also need to stay proactive and put a strategy and incident response plan in place. As part of the plan hotels should be aware of policies and processes relating to data breach, and educate staff on protocols,” says Eftychis.

Have you been a victim of hacking on public Wi-Fi networks? Do you also do enough to safeguard yourself on public Wi-Fi networks? Tell us by clicking here.

We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Rand - Dollar
18.94
-0.0%
Rand - Pound
23.91
-0.0%
Rand - Euro
20.41
+0.1%
Rand - Aus dollar
12.33
+0.1%
Rand - Yen
0.13
-0.0%
Platinum
908.05
+1.2%
Palladium
1,014.94
+1.3%
Gold
2,232.75
-0.0%
Silver
24.95
-0.1%
Brent Crude
87.00
+1.8%
Top 40
68,346
0.0%
All Share
74,536
0.0%
Resource 10
57,251
0.0%
Industrial 25
103,936
0.0%
Financial 15
16,502
0.0%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE
Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders