FBI Warns Consumers About Hotel WiFi Networks

On October 6, the U.S. Federal Bureau of Investigation (FBI) issued a public service announcement warning guests against working at hotels instead of at home. According to the announcement:

"The Federal Bureau of Investigation is issuing this announcement to encourage Americans to exercise caution when using hotel wireless networks (Wi-Fi) for telework. FBI has observed a trend where individuals who were previously teleworking from home are beginning to telework from hotels. US hotels, predominantly in major cities, have begun to advertise daytime room reservations for guests seeking a quiet, distraction-free work environment. While this option may be appealing, accessing sensitive information from hotel Wi-Fi poses an increased security risk over home Wi-Fi networks. Malicious actors can exploit inconsistent or lax hotel Wi-Fi security and guests’ security complacency to compromise the work and personal data of hotel guests."

The announcement goes on to list a number of ways in which hotel guests can have their information hacked by bad actors including: "monitor[ing] a victim’s internet browsing or redirect[ing] victims to false login pages. Criminals can also conduct an 'evil twin attack' by creating their own malicious network with a similar name to the hotel’s network. Guests may then mistakenly connect to the criminal’s network instead of the hotel’s, giving the criminal direct access to the guest’s computer.

The FBI also pointed out that many hotels make the WiFi network password available at the front desk for anyone to see and use, change the password infrequently, and have outdated hardware that hasn't been updated with recent security patches. All of these bad practices make it very easy for criminals to access, target, and attack guests using the hotel internet. 

The FBI goes on to list signs one's device has been compromised, what to do if it has been compromised, and best practices for using the hotel network if guests have to do so.