back to article Hotel Wi-Fi not only hideously expensive – it's horribly insecure

Travelers are used to getting screwed over by hotel internet access. But it's not just the eye-watering Wi-Fi prices guests should be worried about. A major security flaw in a network gateway popular among hoteliers can be exploited by hackers to launch attacks against guests by injecting malware into their downloads over …

  1. elDog

    Anybody not running through a VPN deserves what they get, bedbugs and all.

    There is no security amongst thieves, including the hotel operators. I put my faith in a VPN on my laptop (Personal Internet Access) and on all my mobile devices. Now if PIA is hacked, I'm toast but perhaps not as burnt as some.

    1. benoliver999

      Re: Anybody not running through a VPN deserves what they get, bedbugs and all.

      It's also easy enough to set up your own VPN, if you're worried about getting hacked. Not AS easy as signing up to a 3rd party service, but not too bad.

      1. LDS Silver badge

        Re: Anybody not running through a VPN deserves what they get, bedbugs and all.

        Setting up a VPN is easy only if you are enough a tech expert. For most people, it isn't. Many don't know what a VPN is.

        But I guess for you it's also easy to grow, and maybe kill, your food, sewn your clothes, and build your transport vehicles.

        It's up to the hotel tech management to ensure clients gets a secure environment - rooms, food, wifi, which is what they pay for.

        1. Khaptain

          Re: Anybody not running through a VPN deserves what they get, bedbugs and all.

          "But I guess for you it's also easy to grow, and maybe kill, your food, sewn your clothes, and build your transport vehicles."

          I can do VPN and all of the above except for building transport vehicles but that is nothing that can't be resolved by using the same tools as those used in the killing of the food scenario.

        2. Trevor_Pott Gold badge

          Re: Anybody not running through a VPN deserves what they get, bedbugs and all.

          NordVPN is a really easy to use third party VPN service.

          1. LDS Silver badge

            Re: Anybody not running through a VPN deserves what they get, bedbugs and all.

            Not everybody speaks English, thereby you may need to found someone offering service and support in your language. You also need to trust the VPN provider. For most business users paying for a good VPN support, if not working for a company offering (and making mandatory) its own one make perfect sense, but the casual tourist? Buy a VPN service for a two week vacation? Maybe should be added to the travel package...

            Anyway, once you're connected to a network, a VPN will protect data transfers, but your machine, until properly secured, is still exposed to active attacks from the compromised network.

  2. Anonymous Coward
    Anonymous Coward

    Internet is a utility. I look for hotels that don't charge me for water, power, or internet.

    1. Robert Helpmann??
      Childcatcher

      Internet is a utility

      This sort of arrangement has been targeted at convention-goers and the spaces in which hotels host large get-togethers. It is common to offer internet access in the rooms of their paying customer and occasionally within some public spaces, but to block access for vendors operating out of an event area unless they go through the hotel for access. Thus it is common to for hotels to advertise internet access as part of their room package only to deny it elsewhere in the hotel for those same people who are only there to work at a convention held on the premises.

  3. John H Woods

    There are precisely three WiFi networks ...

    ... where VPN is not always necessary

    1. Your own home network

    2. Your employer's network

    3. Your tethered mobile's network

    However, even in these cases there are good reasons to VPN.

    1. You don't want your ISP to track your internet usage

    2. Both 1 and you may want to go round an e.g. Websense box ("No, boss, I'm not on Stack Overflow being 'social', I am taking self-directed action to learn the stuff I can't get from the company's $0/yr training budget"

    3. Both 1 and you may want, $DEITY forbid, to look up the location of a pub on your PAYG mobile without having to take a passport, driving licence or credit card to the mobile store to prove that you are over 18.

    1. h4rm0ny

      Re: There are precisely three WiFi networks ...

      >>"3. Both 1 and you may want, $DEITY forbid, to look up the location of a pub on your PAYG mobile without having to take a passport, driving licence or credit card to the mobile store to prove that you are over 18."

      This has happened? What idiotic network provider did something this stupid and intrusive?

      1. Colin 22

        Re: There are precisely three WiFi networks ...

        Happened to me, no pub related searches/directions. I my case it wss O2 in the UK when they first brought in filters

    2. gerdesj Silver badge

      Re: There are precisely three WiFi networks ...

      "There are precisely three WiFi networks ...

      ... where VPN is not always necessary

      1. Your own home network"

      Your home WiFi _VLAN_ surely? I have three - one for laptops etc, another for phones and other devices and the last for guests. Management is on yet another VLAN, as are servers. Cameras and IoT stuff get another. No - I don't have an all/all firewall rule on each router interface!

      Not your average home setup. I also have a huge roll of ali foil and hat making instructions for all guests (who are increasingly rare these days, for some reason.)

      Cheers

      Jon

    3. LDS Silver badge

      Re: There are precisely three WiFi networks ...

      Well, some business may ask you what you're doing if you're using an unauthorized VPN from inside their networks.. and then show you the door.

      1. John H Woods

        Re: There are precisely three WiFi networks ...

        "Well, some business may ask you what you're doing if you're using an unauthorized VPN from inside their networks.. and then show you the door." --LDS

        Ok, I was being a little facetious but there are real world situations: for instance, my company, a big consultancy, does, for all its many faults, treat us like grown ups with regard to web access. Many of our clients, given the areas in which they work, have to have very restrictive whitelists. So, if you need to look something up in an ORACLE forum, for instance, and you're at client site as a guest on their network, you VPN into our corporate network (obviously whitelisted) from the client and bob's your uncle. It's all perfectly acceptable. And my strategy for accessing non-work-related websites is just as straightforward - I wait till I'm not at work :-)

  4. Anonymous Coward
    Anonymous Coward

    And this is news ?

    Has author of this piece been hiding in a cave for the last 20 years ?

    1. JLV

      >hiding in a cave

      I suspect the existence of an unsecured rsync is news, yes...

      If only due to level of stupidity it shows from the vendor.

      And, I agree with another poster, hotels cater to other folks than just infosec geniuses like yourself. Their responsibility to their guests include having a reasonably secure environment.

    2. Anonymous Coward
      Anonymous Coward

      No genius required, treat all public wifi and networks as hostile so use a VPN. Would you go to an orgy without a packet of condoms ?

      The price of hotel wireless has traditionally always been expensive, especially for conferences.

  5. Anonymous Coward
    Anonymous Coward

    All of IT security is a a Sticking Plaster...

    Fundamentally the Internet is not designed to be secure. Worse still there's massive disagreement on what 'secure' means anyway. All the tools we have (encryption, certificates, protocols) are half baked and do not do the job. Vendors like this make things worse by not even using these tools to the best possible extent, the complete opposite in fact.

    It is being used for things it was never designed for, and it shows.

    The only way to sort it out is throw it all away and do it again, properly.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022