The next time you check into a hotel, you might find a cybercriminal hiding under your bed.
Figuratively, of course, but cybersecurity experts say hotels are becoming one of the riskiest places for travelers, and many threats await them right in their rooms.
"It's crucial to understand that the willingness of cybercriminals to intrude on your privacy or steal your data does not depend on your presence in the office or your holiday plans,” says NordVPN's cybersecurity expert Adrianus Warmenhoven.
“Hackers can use a hotel's cybersecurity vulnerabilities in several ways to reach you even in your room. So while you’re on vacation and using the internet connection of where you’re staying, you should be cautious and manage cybersecurity risks.”
Warmenhoven says those vulnerabilities start with the hotel’s free Wi-Fi. There are two ways in which hackers can steal travelers' passwords and personal information through a hotel's Wi-Fi.
One is where a guest connects to the hotel's Wi-Fi and malicious malware is downloaded to their device. The second is where hackers create sort of an "evil twin" – a fake, unsecured Wi-Fi hotspot with an unsuspicious name like "Guest Wi-Fi" or "Free Hotel Wi-Fi" – and steal private information that way.
"To avoid being hacked through hotel Wi-Fi, travelers must take a few steps. First, ask the person at the reception desk to give the exact name and password for the provided Wi-Fi to avoid connecting to an ‘evil twin’ network.
"Second, use a VPN service to encrypt your data and prevent third parties from intercepting it. Finally, it is always a good idea to enable a firewall while using public Wi-Fi," Warmenhoven said.
Another Wi-Fi-related issue could come from a guest using their device’s automatic connection function because hotels are frequently surrounded by public and insecure internet connections.
Disabling that option helps to mitigate cybersecurity risks on a trip, but Warmenhoven warns that if a traveler leaves their smartphone in their hotel room with the phone disconnected from Wi-Fi, the connection can automatically be turned on if, by chance, the hotel staff moves it while cleaning a room.
USB chargers can be trouble, too
Some hotels provide USB charging ports in their rooms for the convenience of their guests, an easy way to charge a device, especially if the traveler is coming from a location with a different kind of plug.
However, cybercriminals may have already beaten the guest to that charging port, installing malware on phones to perform an attack called juice jacking. When this type of attack happens, hackers can steal users' passwords, credit card information, address, name, and all sorts of data.
"Safe device charging on your way to your vacation spot might be challenging because you must carry a power bank or USB data blocker, but hotel rooms always have a socket. Usually, it's the safest way to charge your devices," says Warmenhoven.
Cyberstalking via smart TVs
The most unique hack these days comes from smart TVs. Depending on a hacker’s aim, they could cyberstalk travelers with built-in microphones or cameras, steal personal credentials used to log in to apps on smart TV and sell them on the dark web.
Experts recommend unplugging the smart TV when not in use. By covering the webcam and avoiding logging in with personal credentials, you can also mitigate cyber risks.