Security risks of hotel Wi-Fi

Hotel door card with the Wi-Fi symbol.

Depending on where you live, there’s a good chance you haven’t entered an airport or stayed in a hotel over the past year and a half. That’s about to change for many of us, with countries loosening travel restrictions

But before you tap to join that hotel Wi-Fi network, take a moment to consider your security. The bad news is, there are plenty of risks with using hotel Wi-Fi. The good news is, it’s easy to protect yourself.

[Want more tips? Subscribe to ExpressVPN’s Blog Newsletter.]

Why hotel Wi-Fi isn’t safe

Hotels make excellent targets for cyber criminals for a couple of reasons. Not only can nefarious actors find a large concentration of potential targets, but the network security hotel guests rely on can be rudimentary to nonexistent.

In October 2020, the FBI issued a warning on the dangers of using hotel Wi-Fi, pointing out that hotels favor convenience for guests over security measures, especially since there is no specific hotel industry standard for secure Wi-Fi access. 

In many hotels, Wi-Fi passwords change infrequently, and they’re often found on placards at the reception desk. Under these circumstances, hacks can happen relatively easily using simple methods, and likely affecting a large number of guests.

While these scenarios aren’t necessarily the norm, there are plenty examples of hotel Wi-Fi attacks, like when Russian hackers used a leaked NSA tool to target hotel guests in 2017.

Here are some of the ways an attacker can hack hotel Wi-Fi:

Evil-twin attack

With this method, criminals create a network with a similar name to the hotel’s network and gain direct access to the computer of any guests who accidentally connect to it. 

Man-in-the-middle attack

In man-in-the-middle attacks, a hacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. 

Packet sniffing

This is where a hacker records the packets of data that pass between you and an unsecured Wi-Fi router.

Router hacking

Perhaps the most devastating attacks possible would involve hacking a hotel’s router. This could give attackers access to information ranging from guests’ credit-card details to keycard systems.

Safely go online in a hotel

Here are a few things you can do to keep yourself secure:

1. Use a VPN to encrypt your traffic

This is simply the easiest way to stay safe on public Wi-Fi. A VPN sends all your online traffic through an encrypted tunnel, so even if someone intercepts your activity, they won’t be able to see any of it.

2. Always confirm the hotel network’s name before connecting 

While it might be tempting to connect to the first Wi-Fi you see when you’re in line to check in, you can avoid fake Wi-Fi networks by being 100% sure about the hotel Wi-Fi’s name. 

3. Avoid sensitive websites and banking

This tip sidesteps the problem rather than solving it, but it’s worth waiting to check your bank account when you get home rather than risk exposing it over hotel Wi-Fi.

4. Use your phone as a hotspot instead of Wi-Fi

One option is to not use hotel Wi-Fi. If you’re getting data on your phone—admittedly unlikely if you are traveling internationally—you can use it as a Wi-Fi hotspot for other devices such as a laptop. Alternatively, you could use a portable router, which is a small device you carry with you and top up with data as needed using a credit card. You connect to it with a password in the same way you’d use any Wi-Fi network.

These hotspots are harder to attack because they’re moving, and they are less attractive to attackers because there are fewer people using them.

Read more: Ethernet vs. Wi-Fi: Which is better?

A phone with a padlock.
We take your privacy seriously. Try ExpressVPN risk-free.
What is a VPN?
My passions are politics, sports, and how data helps us understood both. I’m kind of like a discount Nate Silver who hasn’t been famously wrong about anything—yet.