Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.

Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.

Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.


How hackers exploit hotel Wi-Fi

20 May 2015, 09:11

Johannesburg - Poorly secured Wi-Fi networks at hotels are spurring on cyber criminals to swoop in and steal guests’ private information, warns PricewaterhouseCoopers (PwC).

The security of guest information and operational technology has emerged as a business risk for the hotel industry, according to PwC’s Hospitality Outlook 2015-2019.

“For business travellers, access to fast and low-cost internet is a must have. But these Wi- Fi connections are not always secure. And that is a security gap that cyber criminals are making use of,” says Nikki Forster, hospitality industry leader for PwC, Southern Africa.

PwC says cyber criminals are targeting hotel networks and infecting computers with an aim to steal personal information of guests.

Techniques that hotel hackers use range from the mathematical to crypto-analytical, says PwC.

“This is usually done by hackers waiting for guests to check in and log on to the hotel Wi-Fi by usually submitting their room number and surname,” says Veneta Eftychis, senior manager, PwC hospitality and gaming industry.

“Thereafter the hotel guest gets tricked into downloading and installing a so-called backdoor file, which pretends to be an update for legitimate software, such as the Google Toolbar or Adobe Flash.”

PwC explains that unsuspecting guests could risk downloading this hotel ‘welcome package’ only to infect their machines with spyware.

The likes of key logger malware could then find its way onto a guest’s computer, possibly resulting in hackers snooping on login credentials or private information.

PwC’s Eftychis says some hackers even appear to know the names, arrival and departure times, and room numbers of hotel guests in these attacks.

The hotel hackers also typically delete their tools from the network and go back into hiding afterwards, notes PwC.

One such group dubbed ‘DarkHotel’ group is said to have been active for the past four years and targets high profile guests in free Wi-Fi zones.

Meanwhile, South African hotels were also targeted by fraudsters in 2012 and 2013 who used malware known as Dexter. The malware skimmed and transmitted credit cards’ magnetic-strip information, allowing clones to be made.

Tips for hotels and their guests

Safeguards that hotel guests can employ to protect themselves range from ensuring they have the latest antivirus installed to not updating software or opening files on untrusted networks.

PwC’s Eftychis also advises that hotel guests use a virtual private network (VPN) to establish an encrypted communication channel when accessing hotel Wi-Fi.

In addition, hotels can also do more to protect their networks by implementing up-to-date prevention and risk management practices.

Also read: Britons sign away first-born children for free wifi

Theft by employees should also be accounted by hotels as food and beverage servers can use small devices - hidden in pockets - to swipe customer credit cards and steal this data.

Hotels should also make sure that responsibility for data security is part of the chief information officer or chief security officer’s responsibilities.

A risk assessment of hotel Wi-Fi networks should also be conducted, says Eftychis.

“Unfortunately cyber criminals are getting faster and more sophisticated – to stem the tide hotels also need to stay proactive and put a strategy and incident response plan in place. As part of the plan hotels should be aware of policies and processes relating to data breach, and educate staff on protocols,” says Eftychis.

For the latest on national news, politics, sport, entertainment and more follow us on Twitter and like our Facebook page!

- Finance24


Read News24’s Comments Policy

Comment on this story
Comments have been closed for this article.

Read more from our Users

Submitted by
Wilson Ochieng
DP Ruto accuses Raila of selling ...

DP Wiliam Ruto has castigated Raila Odinga for seeking western support to fund his 2017 election bid. Read more...

Submitted by
William Korir
Peter Kenneth announces Uhuru 201...

Peter Kenneth has announced that he will support President Uhuru Kenyatta in the 2017 elections. Read more...

Submitted by
Wilon Ochieng
Labour Party to dump both Jubilee...

The Labour Party of Kenya is likely to avoid supportoing both the CORD and Jubilee factions during the 2017 General Elections. Read more...

Submitted by
William Korir
Ukambani MP quits Jubilee, to run...

An Ukambani MP has quit the Jubilee Party, citing voter apathy as his reason behind leaving the ruling coalition. Read more...

Submitted by
Victor Tinto
Government launches probe into Po...

The government has launched an inquiry into the circumstances that could have led to two National Police Service helicopter accidents in August and September this year. Read more...

Submitted by
Wilwon Ochieng
Deputy Governor's ally found with...

The EACC has recovered KES 2 million in fake currency from a close ally of Deputy Governor for Tharaka Nithi Eliud Mati. Read more...