We’re having an in-depth look at hotel hacking—as it is often called—and how to protect yourself and your organization from hotel hackers, thereby safeguarding your invaluable corporate data.
Criminals are after corporate data and they’ll stop at nothing to get it. After all, data has become the main asset of many organizations. So, they’ve set up bases is hotels in order to gain access to corporate data through the devices that employees carry when travelling for business. If you’re travelling and using your devices to connect to your corporate network from your hotel room, make no mistake you are the target of hotel hackers. Fortunately, there’s something you can do about it.
We’ll start off our journey by having an in-depth look at what hotel hacking is. You’ll see how it is common and easy to exploit the flaws of networks and computers to gain access to corporate networks. And once a hacker has gained access to a corporate network, there’s no limit to the damage they can do. We’ll also see how the ubiquitous WiFi that we all come to expect and take for granted in our hotel rooms has made it even easier for hackers. Next, we’ll have a look at the history of hotel hacking for no other reason than to satisfy our curiosity. Finally, we’ll get to protecting against hotel hackers and how Virtual Private Networks can help with that followed by a brief review of some of the best VPN services you can use for that purpose.
Hotel Hacking: What Is It And How Is It Done?
When you travel and stay in hotels, you can unknowingly facilitate access to your work network by ill-intentioned individuals or organizations. A leading category of cyber attack involves hackers getting into company networks from where they can steal information and alter documents. This type of attack, called Advanced Persistent Threats (APT), requires an entry point and unsuspecting employees with company computers and smartphones give these hackers the access point that they need.
Hotels are convenient places for APT hackers because they’ll find a never-ending flow of computers and other devices with corporate network access from all over the world. Even vacation hotels are a good spot for hacking into company networks. This is due to this bad habit many of us have to always want to stay in touch with the office. The device that will give hackers the access they seek doesn’t need to belong to the company, it just needs to be connecting to the corporate network.
If your business sends staff abroad for meetings, sales pitches, training, or consultancy, you need to make sure all of the devices that they will potentially use to access the network are protected against infiltration.
Using WiFi For Hotel Hacking
A key method of access used by intruders is provided by hotel WiFi systems. A hacker can easily create a fake WiFi hot spot to attract hotel guests to connect to it. Many of the visitors may unsuspectingly carry out their usual activities while connected to the data gathering hacker’s hot spot, potentially exposing your corporate network access credentials, effectively granting them access to the corporate network.
Hotel hackers have now gotten up to speed with WiFi networks and they no longer need to get into your room to get onto your computer. Another simple method they can use is to tell you to download new software when you first connect to the hotel network. This is an evolved form of the spy-technician scam of previous years. Today, keystroke logging and controller programs get downloaded either as necessary connection software or masqueraded as updates for software that is already present on the computer.
Cybersecurity provider, Kaspersky Labs, reported in 2014 on their discovery of a hacking group from South Korea, called Darkhotel, which specialized in getting spyware onto the computers of guests in hotels. The group had operations enabling them to install spyware remotely over WiFi networks in several hotels in North and South Korea, Japan, Bangladesh, Thailand, India, Russia, Mozambique, the United States, the United Arab Emirates, Ireland, Italy, and Germany. The group uses a “man in the middle” method to get access to the computers of hotel guests. This type of scam is usually achieved by creating a fake WiFi hot spot that passes through all traffic onto the genuine hotel network, but monitors outbound traffic and injects in its own downloads of self-installing spyware.
A Brief History Of Hotel Hacking
In the good old days, hotel hacking required physical access to the target device. Business and government travellers to China report that they would often leave their laptops and phones in hotel rooms while they went out for dinner. Upon returning to the United States, network administrators found that their devices had extra hardware installed into them. Dan Harris from China Law Blog, for example, reports a group of people returning to their rooms and catching people accessing their computers while in Tokyo, Japan.
The US authorities have been warning their citizens about taking internet-active devices to China since the 2008 Olympics in Beijing. Former US National Counterintelligence executive, Joel Brenner, is still on a mission to inform the public about the risks in China. He claims that the networks in hotels in China are monitored and manipulated by the Chinese secret service.
The physical access invasion which occurred in hotels evolved when started to offer in-room internet access and again as WiFi became popular. However, hackers and security officials alike did not develop WiFi intervention methods immediately. In the beginning, hotel internet systems were typically used as a ploy to allow spies to gain access to the electronic devices of foreigners by invitation.
Protecting From Hotel Hackers
Security experts have one consistent piece of advice for protecting against hotel hackers: when you travel to “risky countries” such as China, Russia, the Baltic States, and even South America, you should leave your gadgets at home. Hackers can sneak app and operating system updates onto your phone and laptop while you walk around or sleep.
Even if you are unlikely to connect to the office network, when you get back, Trojans and spyware can get carried back home with you on your smartphone. Once you arrive back and call a friend, you may just have launched a computer virus epidemic that will cripple hospital machinery all over your country and put lives at risk.
If you really have to take your computerized devices with you, install extra security and privacy software to protect them. Remember that you are particularly vulnerable in your hotel because that’s where foreign secret service operatives and state-sponsored hackers have set up intrusion procedures.
The strongest protection you can get is one step up from security — this is privacy. Virtual private networks not only secure the contents of your connections, they even protect all of the behind-the-scenes messages that computers and smartphones use to create connections. The technology that makes behind networks and the internet is complicated and not many people know about it. However, hackers in North Korea, China, and Russia receive government funds which give them large budgets to invest in research. Foreign hacker corporations are constantly finding new ways to get into company networks, steal data, shut down utilities, and cause havoc. So, installing a VPN before you go away on vacation is not only a precaution, it’s your patriotic duty.
RELATED READING: Best VPN for Small Businesses
A VPN Can Help
A VPN can help you by building a tunnel between your computer or other device and the VPN server. All data in and out of your device is forced to go through the tunnel where strong encryption makes it undecipherable. Hackers won’t see what you’re doing and where you’re going and will most often simply switch to trying to hack a different guest.
So, you need to make sure that you install a VPN on your laptop and all your connected devices before you check into a hotel. All of the VPNs reviewed below work well to protect your privacy from hackers. Make sure you set up your VPN to provide maximum coverage. Most VPNs have a settings page right within the client app. Look for a setting that causes the VPN to connect as soon as the computer starts up. Also, look for a setting called “kill switch” that will block all traffic should the tunnel ever go down unexpectedly and another one that sets up automatic WiFi protection and turn them on. Finally, turn on all malware and tracker blocking options that your software provides.
These settings should prevent hackers from getting into your computer by turning it on remotely. The VPN will block all internet access as soon as the computer boots up and provide full protection against hijacking. Similarly, if for some reason, the VPN connection gets dropped, no further internet access is possible until the VPN is re-engaged.
Finally, here are a few more features you should be looking for when selecting a VPN provider. It should have no data throughput or usage time limits. You want to be able to connect for an unlimited amount of time and transfer as much data as you need. Your provider should, of course, offer strong security like all of those on our list do. They should also offer WiFi protection since this is now the primary intrusion method used by hotel hackers. And finally, they should let you protect all of your devices under a single account.
What are the best VPNs to protect against hotel hacking?
After searching the market for some of the best VPN service providers here are five that we highly recommend. They all provide a good amount of security, have all the required features and will do an excellent job of protecting you against hotel hackers.
ExpressVPN is one of the fastest VPNs and considering today’s media-intensive apps such as Netflix, you know speed is important. This provider offers consistent speed across all its servers and it does so without compromising security. But more important to that task at hand, it seems like this provider does an excellent job of staying under the radar when it comes to connecting to Netflix or other streaming services with similar practices.
ExpressVPN uses resilient encryption standards like OpenVPN connections encrypted with 256-bit AES as default. The service’s 4 096-bit DHE-RSA keys are protected by an SHA-512 hashing algorithm. For an excellent level of privacy, this provider only retains minimal individual data. It is based in the British Virgin Islands and is, therefore, not legally required to retain any user data at all. The client app features a “network lock” which is equivalent to other provider’s kill switch that further protects your privacy by blocking all network traffic if the VPN connection ever drops, which is a rare occurrence with such a reliable provider. Although ExpressVPN may not be the provider with the largest number of server and the most server locations, what it lacks in number of servers, it makes up for in speed and quality.
ExpressVPN’s client applications are available for most platforms and are very beginner-friendly. And if you do encounter an issue, the providers offer 24/7 customer support. I had one to use the live chat support and received a reply within a few seconds.
Get more info about ExpressVPN and its excellent software and features in our full ExpressVPN review.
- Unblocks American Netflix, iPlayer, Hulu
- Fast serves with minimal speed loss
- OpenVPN, IPSec & IKEv2 Encryption
- Keeps no logs of personal data
- 24/7 Chat Support.
- Priced slightly higher.
NordVPN is one of the oldest VPN providers. It has been around for over a decade and its ongoing popularity is still going strong, thanks in part to its huge server network and excellent value for the money. The provider’s servers fleet is impressive and it is one of the largest over 5000 servers located in 61 countries around the world. Having so many options means you’re unlikely to encounter geo-restrictions. Furthermore, this is a VPN that guarantees 99.9% uptime. While the company has been criticized in the past for suffering from speed issues, it is a thing of the past as NordVPN has deployed fruitful efforts to solve that.
NordVPN provides 256-bit encryption on OpenVPN with 2 048-bit Diffie-Hellman keys as standard. The service also offers several additional useful security features including a kill switch and shared IP addresses. Privacy is the provider’s strongest point and being based in Panama means they are free to not retain any user information whatsoever. Other unique features include double VPN servers (where your data is encrypted twice and rerouted through two successive VPN servers for extra protection) and Onion over VPN servers (where your data is redirected through the TOR Network as well as a VPN for even better security).
Learn more about the NordVPN software and overall experience in our complete NordVPN review.
- Highly affordable plans
- 5,400+ servers globally
- Torrenting/P2P explicitly allowed
- Extra-secure Double VPN for data encryption
- Great support (24/7 chat).
- Apps can sometime be slow to connect.
CyberGhost is another immensely popular VPN provider. It made our list because the service works great and delivers what’s expected. This provider has over 1300 servers in some 30 different countries. Among these, 150 servers are located in the US. This makes CyberGhost an excellent option to unblock many kinds of American geo-blocked content such as Netflix or other streaming services while ensuring a high level of security. Security-wise, this is a high-quality service that should provide excellent protection against hotel hackers.
By default, CyberGhost uses the OpenVPN protocol with 256-bit AES Encryption and 2 048-bit keys. For ultimate security, the provider also uses perfect secrecy. By generating a random key for each session, intercepting the connection is made much harder. Furthermore, the provider has a strict zero-logging policy; it doesn’t even keep user’s email addresses. Instead, it chose to have purchases processed by resellers so the only personal information it ever has about its users is their usernames. Other important features of the service include the ubiquitous Internet kill switch that will automatically disconnect your network if the VPN connection goes down as well as DNS and IP leak protection. As for the VPN client apps, they are available for Windows, Mac OS, iOS and Android.
Learn more about CyberGhost’s fast speeds and privacy features in our complete CyberGhost review.
- Unblocking Netflix USA, iPlayer, Amazon Prime, YouTube
- Affordable plans
- 7 simultaneous connections
- Zero logs
- 45-days 'No-hassle' money back guarante.
- WebRTC IPv6 leak in macOS
- Some streaming sites cannot be unblocked.
PrivateVPN, the next entry on our list, is another excellent provider. Using this VPN, you will be able to safely stream, surf, download content from the web, and connect to your office network while being protected from hotel hackers. It can also let you simply check social media accounts or your e-mail with full anonymity and from anywhere. The two most Important features of the service are its speed and its ease of use. It is one of the best VPNs for general daily use. As for the client software, it is available for smartphones, desktop and laptop computers, and even Fire TV, a great advantage if this the platform you’re using to watch Netflix content, and it boasts a lightweight and easy to use interface. This provider is a great option for anyone who wants to use a VPN but doesn’t want to have to deal with complicated interfaces.
PrivateVPN’s network is comprised of over 100 servers in 56 different countries. While this is no match for some of its competitors’ hundreds if not thousands of servers, the provider seems to be doing a good job of remaining unnoticed by Netflix. This is a provider that can deliver the speed, the security, and the location variety that you’re looking for. On the security front, it uses 256-bit AES encryption and it keeps your connection safe with the usual automatic kill switch and DNS leak protection. Furthermore, the supplier has a zero logging policy on all traffic for an excellent level of privacy.
Read more about PrivateVPN’s intuitive software and features in our complete PrivateVPN review.
Last on our list is PureVPN, a VPN supplier which is known for its fast and unrestricted access to the internet. Don’t let its ranking lead you to believe it is not good. After all, it is in the top five. The provider has a large network of 750 servers in a whopping 141 different countries. They’re almost everywhere. In addition to locations, PureVPN offers speedy connections, strong encryption algorithms, a zero-logging policy, unlimited bandwidth, DNS leak protection, and a quick kill switch to make sure your data always stays safe from hotel hackers in case the tunnel ceases working unexpectedly.
As far as encryption goes, PureVPN leaves nothing to be desired and uses only the best. The provider uses top-of-the-line, military-grade (up to) 256-bit encryption to protect and safeguard user’s data from falling into the wrong hands. Furthermore, it offers all the latest security and connectivity protocols. Those include OpenVPN, L2TP/IPSec, PPTP, SSTP, and IKEv2. The usability of a VPN is closely related to the client application it comes with. To that effect, PureVPN writes its own software for all major platforms, giving you an excellent integrated experience.
Read our full PureVPN review.
If you need a VPN for a short while when traveling for example, you can get our top ranked VPN free of charge. ExpressVPN includes a 30-day money-back guarantee. You will need to pay for the subscription, that’s a fact, but it allows full access for 30 days and then you cancel for a full refund. Their no-questions-asked cancellation policy lives up to its name.