Over the years, Wi-Fi has emerged as one of the top guest amenities at hotels. In fact, according to a recent survey, 90% of respondents claim that a Wi-Fi connection is “very important,” and 58% stated that the quality of that service was “highly likely” to impact their booking decisions. Yet despite the need for all this access, guests are concerned about security and online safety – and they should be. In many cases, hotel rooms serve as a remote office for workers, where confidential corporate and personal information is exchanged. With a steady stream of media stories showcasing data breaches and vulnerabilities (think Dragonblood), guests are rightfully suspicious of the security hospitality organizations are providing when it comes to the Wi-Fi network.
However, most guests (and hoteliers) don’t truly understand the Wi-Fi threats they face. There are actually six main Wi-Fi threat categories that are defined by the Trusted Wireless Environment framework. One of the most prolific attacks – known as the Evil Twin Access Point (AP) attack – is more than twenty years old but is still wreaking havoc on a hotel brands and reputations around the world. The scariest part about it: it’s incredibly easy to perform, requiring only novice skills often obtained on YouTube, and it can be done with perfectly legal Wi-Fi hacking tools available on the public internet.
How does it work? First, a hacker inside a hotel or close to one outside uses a Wi-Fi tool to broadcast the same Wi-Fi network name (also known as SSID) as the hotel’s Wi-Fi. For example, if the hotel broadcasts “Hotel Guest Wi-Fi,” the attacker uses their tool to also broadcast “Hotel Guest Wi-Fi.” This Evil Twin network will look identical to the real network. There are also Wi-Fi tricks that encourage guests’ phones, laptops, watches and tablets to automatically connect to the Evil Twin network instead of the real one. Once connected to the Evil Twin, guests are able to browse the web, access email, log into their customer and sales management cloud applications, order products online, etc., but all the while the attacker is silently intercepting all of their information. Guest’s passwords, credit card numbers, and other sensitive corporate and personal information could all be stolen.
How bad is the problem? WatchGuard Technologies (a cyber security company that offers Wi-Fi security; and, full disclosure, the company I work for) recently set out to test the security of public Wi-Fi hotspots against Evil Twin attacks at more than 45 locations across five countries, including 12 hotels and 13 airports. Only four locations (9%) had adequate protection in place against Evil Twin attacks and of those, no hotel passed the test. The four locations that did pass were located within the United Kingdom. All other failed test locations were at well-known retail, restaurant, and transportation brands located in the U.S., Germany, Brazil, and Poland. The problem isn’t with any one specific vendor or hotel/restaurant chain – it’s an issue across the hospitality industry overall. This security testing research is continuing with more worldwide locations, and there are plans to collaborate with brand owners to test for the other additional five Wi-Fi attack categories.
- Rogue AP: APs that are physically connected to a network, but shouldn’t be, allowing attackers to bypass perimeter security.
- Rogue Client: A user’s device gets infected and delivers a malware payload to the network after its connected to a legitimate AP.
- Neighbor AP: A client devices on the private network accidentally connect to a nearby neighboring SSID, and risks accidentally connecting to a malicious AP where an infection occurs.
- Ad-Hoc Connections: Users share files client-to-client or peer-to-peer (Air Drop for example), but bypass network security controls (convenient, but a risky exposure to malware).
- Misconfigured AP: The APs on the network are misconfigured and do not comply with minimum security standards such as encryption, opening the network to attacks.
To protect guests from these six Wi-Fi threats, network administrators should consider implementing a Wireless Intrusion Prevention System (WIPS). WIPS is a term used to describe a set of security features within APs that constantly scans the air space for the presence of Wi-Fi threats, and then takes action to neutralize them automatically. WIPS implementation can vary widely across different Wi-Fi manufacturers, making some solutions more effective at protecting against these six threats. To ensure your deploying the best possible solution, evaluate products that have been independently tested, and that are proven to automatically detect and prevent these six Wi-Fi threats.
If you’d like to see a global standard for Wi-Fi security, visit this link and sign the petition today!
Ryan Orsi is Director of Product Management for Secure Wi-Fi solutions at WatchGuard Technologies, a global leader in network security providing products and services to more than 80,000 customers worldwide. He has experience bringing disruptive wireless products to the WLAN, IoT, medical and consumer wearable markets. He holds MBA and Electrical Engineering degrees and is a named inventor on 19 patents and applications.