Ask the Expert: Am I Safe Using My Laptop in My Hotel Room?

wifi safety
Facebooktwittergoogle_plusredditpinterestlinkedinmail

Q: The hotel that I sometimes stay in offers either WiFi or cable connection in my room. I know that WiFi can be hacked into, so I always connect via cable. My communications are safe that way, right?

A: The answer is “no.” Your communication is just as vulnerable when using a hotel cable connection as it would be if you were using WiFi.

This actually was one of the most shocking things that I learned about Internet communications before starting Private Communications Corporation. Like many of you, I was dimly aware about the vulnerability of WiFi . But I assumed that if I plugged directly into the hotel’s network with a cable that I was safe.

This turns out to be false.

To understand why, we have to look back about 35 years. The technology used for most in-house networks, called Local Area Networks (LANs), originated back in the mid-1970s at Xerox’s famous PARC research lab. LANs were designed to be able to share information within an organization, such as a business. It was assumed, then, that everyone on the LAN could basically be trusted, so no security was necessary.

And that fundamental oversight has been carried forward ever since.

That is not a major problem when the LAN is used internally, such as a business. But the same technology is used for hard-wired Internet access in hotels, and that is a serious problem.

Promiscuous Monitoring, ARP Spoofing

There are several ways to hack hotel LANs, but two the two main ones carry the colorful names of “promiscuous monitoring” and “ARP spoofing.”

Promiscuous monitoring can be used on hotel networks which use a “hub” configuration, which passes everyone’s communication thorough the same cable. (Only about 20% of hotels use this technique, but you have no way of knowing whether they do or not.) So all a hacker has to do is turn on an option in his “network interface card” to listen “promiscuously,” and the communications from every hotel guest can be captured and stored on his laptop.

Almost every laptop, whether PC or Mac, has the ability to do this. It only takes a bit of software that, naturally, is readily available on the Internet.

“ARP spoofing” is more insidious yet also more esoteric as it is very difficult for the hotel to protect against. (That is one reason why most hotels actually have two LANs – one for their internal business, the other for guests.)

With ARP spoofing a hacker convinces the network his laptop is actually that central node with the Internet connection, so all the guest’s communications are re-directed to through him. This is called a man-in-the-middle attack. He can store your communication – or even modify it if he wishes – before sending it on to the Internet. Chances are, no one will ever know what happened. At least until the next credit-card billing cycle.

The only way to protect yourself in hotels, whether using WiFi or a cable connection, is to use a VPN such as Private WiFi™.

Editor’s note: Have a question you’d like to submit for an upcoming “Ask the Expert” column? Email your name and question to privatei@privatewifi.com.

Get Private Wifi   Protect your personal information.
Get DataCompress   Cut your mobile data usage.

Kent Lawson

Kent Lawson is the CEO & Chairman of Private Communications Corporation and creator of its flagship software PRIVATE WiFi. He combined his extensive business and technical experience to develop PRIVATE WiFi in 2010. The software is an easy-to-use Virtual Private Network (VPN) that protects your sensitive personal information whenever you’re connected to a public WiFi network. Follow Kent on Twitter: @KentLawson.

9 Responses

  1. Alexandria says:

    Hi! Do you know if they make any plugins to assist with SEO?
    I’m trying to get my blog to rank for some targeted keywords but I’m not seeing very good gains. If you know of any please share. Many thanks!
    Here is my homepage; Backup Online

  2. Jon Donnis says:

    Ironically your self advertising article ends with your own software being advertised that would make no difference. If they are doing a man in the middle attack then they could also do ssl strip capturing the login for the VPN.

  1. February 8, 2011

    […] In this latest monthly installment of Ask the Expert, CEO Kent Lawson focuses on staying safe when you’re browsing online in your hotel room and the real reasons why a hotel cable connection is no safer than its WiFi connection. Go here to read the rest: Ask the Expert: Am I Safe Using My Laptop in My Hotel Room? […]

  2. June 2, 2011

    […] next time you hand over your credit card to the front desk or choose to access the Internet from “the safety” of your hotel […]

  3. June 6, 2011

    […] I read your article about the risks of using WiFi in hotels. I just don’t understand why hotels would offer me something that leaves me so exposed. Hotels […]

  4. October 19, 2011

    […] called ARP poisoning is one of the other popular techniques, and this visual shows you exactly how easy it is for a […]

  5. May 25, 2012

    […] wireless in hotels.  There are even risks while using cable Internet connections, since there are several ways to hack hotel local area networks, but two of the main ones carry the colorful names of “promiscuous monitoring” and “ARP […]

  6. December 19, 2012

    […] Scarier still, there are even risks while using cable Internet connections, since there are several ways to hack hotel local area networks, but two of the main ones carry the colorful names of “promiscuous monitoring” and “ARP […]

  7. March 25, 2013

    […] to your cellular provider and skip the hotel hotspots entirely. Issues with free hotel hotspots: Ask the Expert: Am I Safe Using My Laptop in My Hotel Room How to minimize the risks of using free public WiFi hot spots Can hotels sniff my internet […]