The simple answer: Probably not. Your hotel’s Wi-Fi might lack basic security features. But even if its security is relatively sound, there are other risk factors associated with it being a widely shared network.
That doesn’t mean you shouldn’t use the internet in your lodgings. Before you tap connect, take a few precautions to protect your connection.
Read more: Ethernet vs. Wi-Fi: Which is better?
Why hotel Wi-Fi isn’t safe
Hotels make excellent targets for cyber criminals for a couple of reasons. Not only can nefarious actors find a large concentration of potential targets, but the network security hotel guests rely on can be rudimentary to nonexistent.
In October 2020, the FBI issued a warning on the dangers of using hotel Wi-Fi, pointing out that hotels favor convenience for guests over security measures, especially since there is no specific hotel industry standard for secure Wi-Fi access.
In many hotels, Wi-Fi passwords change infrequently, and they’re often found on placards at the reception desk. Under these circumstances, hacks can happen relatively easily using simple methods, and likely affecting a large number of guests.
While these scenarios aren’t necessarily the norm, there are plenty examples of hotel Wi-Fi attacks, like when Russian hackers used a leaked NSA tool to target hotel guests in 2017.
Here are some of the ways an attacker can hack hotel Wi-Fi:
With this method, criminals create a network with a similar name to the hotel’s network and gain direct access to the computer of any guests who accidentally connect to it.
In man-in-the-middle attacks, a hacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
This is where a hacker records the packets of data that pass between you and an unsecured Wi-Fi router.
Perhaps the most devastating attacks possible would involve hacking a hotel’s router. This could give attackers access to information ranging from guests’ credit-card details to keycard systems.
Can hotel Wi-Fi see what you’re doing?
Wi-Fi admins could potentially see what you’re doing if your connection is unencrypted. While they probably won’t be able to read your messages, they might be able to know the sites you visit and how much time you spend on them, while connecting this information back to your room number.
If your connection is encrypted, such as with a VPN turned on, admins will only be able to see packets of encrypted data being sent to the server from a device, but not what the packets contain.
How to stay secure on hotel Wi-Fi
Here are a few things you can do to keep yourself secure:
1. Use a VPN to encrypt your traffic
This is simply the easiest way to stay safe on public Wi-Fi. A VPN sends all your online traffic through an encrypted tunnel, so even if someone intercepts your activity, they won’t be able to see any of it.
2. Always confirm the hotel network’s name before connecting
While it might be tempting to connect to the first Wi-Fi you see when you’re in line to check in, you can avoid fake Wi-Fi networks (set up by hackers) by being 100% sure about the hotel Wi-Fi’s name.
3. Avoid using hotel Wi-Fi for banking
This tip sidesteps the problem rather than solving it, but it’s worth waiting to check your bank account when you get home rather than risk exposing it over hotel Wi-Fi. If your connection is not secure enough, an attacker might be able to steal your passwords and account details.
4. Use your phone as a hotspot instead of Wi-Fi
One option is to not use hotel Wi-Fi. If you’re getting data on your phone—admittedly unlikely if you are traveling internationally—you can use it as a Wi-Fi hotspot for other devices such as a laptop. Alternatively, you could use a portable router, which is a small device you carry with you and top up with data as needed using a credit card. You connect to it with a password in the same way you’d use any Wi-Fi network.
These hotspots are harder to attack because they’re moving, and they are less attractive to attackers because there are fewer people using them.
Read more: How to keep your mobile hotspot secure
5. Always keep software up to date to patch known security issues
You should be keeping your phone’s operating system up to date whether you’re on public Wi-Fi networks or not. Vulnerabilities are found all the time, some of them posing great risk to your device or privacy. Tech companies constantly release new versions of software that include fixes to these bugs. Keeping your device up to date is a basic way to ensure your online security under any circumstances.
6. Encrypt your data using Tor or other methods
While the easiest way to encrypt your connection is with a VPN, there are other methods. These include using the Tor Browser, which relays and encrypts your traffic three times when you browse, increasing your anonymity. You can also ensure that the sites you visit use HTTPS rather than HTTP, as indicated by a padlock symbol next to the URL. However, these methods won’t protect your whole device, including connections to apps, like a high-quality VPN would.
7. Don’t open any malicious links or attachments
Stay on guard when you’re on hotel Wi-Fi. If a strange pop-up appears prompting you to click, it might be an attempt by an attacker to send you malware or intrude on your browsing. That said, you should never click on suspicious links or attachments, even when you’re at home. Always try to verify that the sender is legitimate first.
8. If a public Wi-Fi requires your personal details, provide fake ones
Public Wi-Fi in airports or cafes might ask for information about you before allowing you to proceed. If this is simply for data collection and not to verify your identity, or if you’re not sure of the purpose, then always try to provide fake information first.
In hotels, it’s more often that your name and room number that are required to verify the user. If it requires any other details, make it up.
How can a VPN protect you on hotel Wi-Fi and other public networks
The risk with hotel Wi-Fi is the networks tend to have poor security, meaning it’s easy for intruders and hackers to break in and attack users or see what you’re doing online.
The answer is strong encryption, and a VPN app is the easiest way to encrypt your online activity. This means no one can see what you’re doing online and no one can read what you’re transmitting over the internet apart from you and the site, service, or person you’re communicating with.
Read more: What does a VPN hide?
FAQ: About hotel Wi-Fi safety
Can you get hacked using hotel Wi-Fi?
Yes, you can get hacked using hotel Wi-Fi, and in fact hotels are considered some of the riskier places to use Wi-Fi. Not only do they often have less-than-secure networks, but they are attractive targets for hackers due to the large number of people who use them. Moreover, it’s not possible for a hotel guest with average technical knowledge to be able to assess the security of the network.
Encrypting your connection with a VPN would go a long way to protecting your data and device.
Do hotels monitor their Wi-Fi?
It’s possible for a Wi-Fi admin to see what you’re doing over hotel Wi-Fi, if your connection is unencrypted. They might be able to see what sites you’re visiting or apps you’re using, and how much time you are spending on each. While it’s impossible to know if someone is actually snooping on traffic, the possibility is worrying enough.
Is it safe to connect your phone to hotel Wi-Fi?
It is unsafe if you don’t take precautions. The best precaution to take is using a VPN to encrypt your connection.
What should I do if I need to use hotel Wi-Fi for work?
Make sure that you’ve verified the Wi-Fi network name and password with the hotel. Choosing a network only based on a name that sounds plausible can be risky; someone might have created a fake network as a trap. Also ensure your connection is encrypted. The easiest way to do this is by installing a VPN app. You can now safely use hotel Wi-Fi.
Alternatively, it’s also possible that your company has a business VPN service for connecting to your company servers. But note that a business VPN is designed to protect your company’s security, not the user’s individual privacy.
Protect your online privacy and security
30-day money-back guarantee