Hotel WiFi Poses New Risks to Travelers

Russian hacker group APT28, or Fancy Bear, has been targeting victims via hacked hotel WiFi networks, states an Aug. 11 article on Wired.com and an Aug. 11 blog post from security research firm FireEye. Once the hackers gain access to a hotel's network, via phishing or other techniques, the hackers can then control the hotel's WiFi to harvest computer usernames and passwords without guests even needing to type them in while signed onto the hotel's network.

How is this possible? According to Wired, the hackers are using a tool called Responder which allows them to monitor traffic on hijacked networks and trick computers into connecting to them. It is able to do this when a victim's computer reaches out to known services such as printers or shared folders via a hotel's WiFi network; Responder impersonates the friendly services with a fake authentication process. This fools the victim's machine into transmitting its network username and password. While the password is sent encrypted, the encryption can be cracked.

FireEye warns that even using a VPN might not prevent the leakage of private credentials that Responder exploits. Instead, the safest approach is for traveler's with sensitive data to bring their own wireless hotspot and stay of a hotel's wireless network altogether.

Source:

https://www.wired.com/story/fancy-bear-hotel-hack/

https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html