Is hotel Wi-Fi safe? Your guide to staying secure on public Wi-Fi

Wherever your next trip takes you, your hotel will hopefully come with a Wi-Fi connection, even if it’s off the beaten path. But should you use it, and what are the risks if you do? Learn what activities are safe on hotel Wi-Fi and ways to protect yourself if you do need to take care of sensitive matters online.

Is it safe to use hotel Wi-Fi?

No, it’s generally unsafe to use hotel Wi-Fi because many establishments have lackluster network security, older networking technology, and insufficient data encryption. Even if your hotel has a more modern WPA2 or WPA3 connection, you could still be exposed to threats on a shared public network.

This means that as you browse or enter information online, the data might not be fully protected from interception by others on the same network.

Even if you don’t sustain an attack on the hotel’s Wi-Fi, the hotel could still monitor and track your online activities for marketing purposes. Or, hackers could set up a rogue access point that imitates the hotel Wi-Fi’s name, tricking you into connecting to the wrong network.

How do attackers hack hotel Wi-Fi?

Since hotel Wi-Fi is a public network that anyone can connect to, you could be at greater risk of security threats like packet sniffing, man-in-the-middle attacks, and session hijacking. Here’s a look at threats you may encounter by connecting to or using a hotel network or accidentally joining a fake network:

• Man-in-the-middle (MITM) attacks: In MITM attacks, attackers actively intercept and sometimes alter messages you send. They may also eavesdrop on data as it’s transmitted to a website, before encryption.
• Packet sniffing: Attackers use specialized software to silently observe and record the data packets transmitted between your device and the internet.
• Evil twin attacks: Attackers create a fake Wi-Fi hotspot, known as an “evil twin,” that appears to belong to the hotel to trick you into connecting, allowing them to intercept your data and potentially install malware.
• Honeypot attacks: When attackers set up fake hotspots, they may add an appealing incentive, or honeypot, to attract victims. For example, if the real Wi-Fi name is “Hotel Wi-Fi,” they may adjust theirs to say “Free Hotel Wi-Fi.”
• Session hijacking: Attackers steal session cookies, which websites use to remember you after you’ve logged in, to impersonate you and access online accounts without having to re-enter your login credentials.

What are the risks of using hotel Wi-Fi?

If you use hotel Wi-Fi, attackers could potentially install malware on your device or intercept in-transit data. As a result of these attacks, you could be at risk of:

• Malware infection: If a hacker has access to shared resources on the hotel’s network, like a printer or file server, they can potentially upload malware. When you or another guest uses one of those resources, it can trigger a malware download.
• Blackmail: Attackers may use spyware, ransomware, or other methods to steal personal information, work data, and search history. They may even record you through your webcam. When armed with this leverage, they may extort you.
• Identity theft: Hackers lurking on the hotel’s Wi-Fi network may use tactics like packet sniffing — capturing and examining data packets as they travel over a network — to intercept sensitive information like your Social Security number.
• Account takeovers: If an attacker steals your login credentials when you use public Wi-Fi, they can access those accounts. And if you have a tendency to reuse passwords, they could use credential stuffing to access accounts you didn’t log into on the hotel’s network.
• Financial theft: Whether a hacker documents your financial details during a mobile banking or shopping session or tricks you into entering them on a fake web page, they can use that information to open accounts in your name or spend the money saved in your real accounts.

What should you avoid doing on hotel Wi-Fi?

You should avoid using hotel Wi-Fi for sensitive online activities like banking, accessing confidential work materials, or entering credit card details, since this information can directly facilitate identity or financial theft.

It’s also important to think before you browse. Be cautious when searching for places you plan to visit, personal problems, or financial difficulties. Hackers can use these details to find, extort, or otherwise manipulate you.

Be careful even when logging into private streaming services or social media accounts, since attackers could steal your login credentials. If you need to, you should use a VPN, have a password manager auto-fill your login information, and enable two-factor authentication for extra protection.

However, you can search for general facts, weather forecasts, sports scores, news articles, and public videos without too much worry, even if someone is watching your activity.

Before you start using a password-protected site or making telling searches, connect to Norton VPN. This will encrypt your internet traffic, making it difficult for hackers to steal your sensitive data, including login credentials, session cookies, and browsing activity.

How to stay safe if you want to use hotel Wi-Fi on your trip

The best ways to stay safe while browsing on your trip are to make sure you’re on the right Wi-Fi network, keep your software updated, use mobile data or a VPN, use a firewall and antivirus, and turn off your Bluetooth.

1. Make sure you’re connecting to the right Wi-Fi

Confirm the name of your hotel’s network to avoid falling for an evil twin or honeypot attack. When you try to connect, these bogus hotspots may present you with convincing login portal pages designed to steal your credentials and other sensitive information.

The easiest way to determine which network is correct is by asking the front desk staff. However, some signs that indicate a network is secure and legitimate include:

• The network is password-protected. Most hotels secure their networks, so internet access is only available to guests. Secure establishments should share login information privately, rather than posting it in public spaces like the lobby.
• The network name or SSID doesn’t include buzzwords like “free” or “guest.” Secure networks should have names or Service Set Identifiers that identify the owner or location rather than vague names like “Free Wi-Fi.” However, you’ll see many hotels break this rule.
• The network uses the proper encryption. If a hotel network uses WPA2 or WPA3 encryption, you’ll likely see a lock symbol beside the network name. This means its security is modern and secure.

2. Update your apps and operating system

Install app and operating system updates when they become available to patch security vulnerabilities that attackers could exploit. This will reduce the attack surface available for cybercriminals attempting to inject malware, intercept your data, or gain unauthorized access to your device while you’re connected to hotel Wi-Fi.

• Update iOS: Navigate to Settings > General > Software Update. If an update is available, select Download and Install to begin the installation.
• Update Android OS: Navigate to Settings > System (depending on your device, you may see About Phone or About Device instead) > Software update or System update. If an update is available, follow the on-screen instructions to install it.

3. Use a VPN

A VPN creates an encrypted tunnel for your internet traffic, making it unreadable to anyone monitoring the hotel’s Wi-Fi network. This encryption shields sensitive data like passwords and financial information as it travels, preventing attackers from easily intercepting and exploiting it, even if the Wi-Fi network itself is compromised.

Install a VPN before your next trip to help keep your browsing activity, physical location, and personal data private.

• VPN for Android
• VPN for iPhone and iPad
• VPN for Windows
• VPN for Mac

4. Install a firewall

A firewall acts as a barrier, monitoring and filtering incoming and outgoing network traffic. By blocking unauthorized connections and suspicious data packets, a firewall can keep attackers from directly accessing your device or exploiting vulnerabilities to install malware or steal data on shared networks.

5. Get an antivirus

Antivirus software can help keep viruses and other types of malware off your device by scanning files and programs. It will block and remove the threat if it detects anything malicious. This is an essential part of your security toolbox since it can intervene if malware bypasses earlier precautions or enters your system through an unexpected route.

Protect your devices with Norton AntiVirus Plus to detect and remove malware threats that worm their way past your device’s other defenses. It also helps block fake websites and comes with AI-powered scam detection, so you’re better protected online, at home, or in a hotel.

6. Turn off Bluetooth

Bluetooth is great for streaming music by the hotel pool or airdropping vacay pics to your travel mates. But, enabling it could also allow nearby hackers to exploit unpatched software flaws in your device’s Bluetooth to potentially gain unauthorized access, send malicious files, or track your location. Disable it when connected to hotel Wi-Fi to reduce potential entry points.

What to do if you’re the victim of a fake hotel Wi-Fi attack

If you accidentally connect to a malicious hotspot, you should disconnect, scan for threats, update your security, and take steps to limit the consequences.

Here’s what you need to do:

• Disconnect from the network: You should immediately disconnect from the fake hotel Wi-Fi to stop attackers from monitoring your activity and stealing your data.
• Scan your device for an infection: Scan your device for malware to confirm the malicious connection didn’t lead to infection.
• Update compromised passwords: Attackers may possess login credentials to any account you accessed on the hotel’s Wi-Fi. To confirm and prevent account takeovers, update your passwords quickly from a secure device and network.
• Warn your bank: If you believe financial information may have been compromised, talk to your bank about checking your statements for unauthorized activity and setting up fraud alerts.
• Freeze your credit: A credit freeze is a proactive measure that can help prevent identity theft and financial fraud by restricting access to your credit reports. This makes it harder for criminals who may have stolen your information to open new accounts in your name.
• Notify hotel staff: Give the staff a heads up about phony networks or eavesdroppers so they can warn guests and remove the attacker.

Browse safely from your hotel room

Attackers use several tactics to snoop on guests and steal data through public hotel networks. Norton VPN helps stop them by encrypting all internet traffic leaving and entering your device, creating a secure tunnel that prevents hackers from easily monitoring online activity or intercepting sensitive information like passwords and financial details.

FAQs

Can hotels track what you do on their Wi-Fi?

Yes, hotels can potentially track what you do on their Wi-Fi. However, most network administrators don’t make a habit of monitoring browsing activity. But if they were to check, they would likely see which websites you visited and the amount of data you used. It’s unlikely they’d be able to see what content you accessed on a given website.

Is it safe to use hotel Wi-Fi for banking?

No, it’s not safe to connect to hotel Wi-Fi for banking. These networks may be unsecured or lack the necessary encryption to protect your financial information. If you do need to access your bank account, connect to a VPN first.

Can my hotel see when I’m browsing in incognito mode?

Yes, the hotel’s network administrator can see what you’re browsing, even in incognito mode. Incognito only affects your local browsing history, meaning others using your device can’t see what you searched. It doesn’t mask your activity from the hotel since your internet traffic still passes through their network.

Is hotel Wi-Fi safe with a VPN?

A VPN makes hotel Wi-Fi significantly safer by encrypting your internet traffic before it leaves your device. This makes it tricky for attackers to intercept or change data during transit, even if they compromised the network. Even so, a VPN doesn’t eliminate all risks, so you should still take additional precautions, such as using an antivirus and avoiding suspicious links and downloads.