5 ways you can be hacked on holiday

Cybersecurity, News

While many Brits are planning their holiday, cybercriminals are preparing for work. Experts warn that hotels are among the riskiest places regarding cybersecurity with many threats awaiting travellers in their hotel rooms. 

“Hackers can use a hotel’s cybersecurity vulnerabilities in several ways to reach you even in your room. So while you’re on vacation and using the internet connection of where you’re staying, you should be cautious and manage cybersecurity risks,” says NordVPN‘s cybersecurity expert Adrianus Warmenhoven.

Here we look at five ways you can protect yourself from hacking on your holiday. 

1. Hotel Wi-Fi: Protect your connection

Every public internet connection has an increased risk of being used by cybercriminals, and hotel Wi-Fi is no exception. Hackers can use a hotel’s Wi-Fi to steal travelers’ passwords and personal information in two ways. One is to connect to the hotel’s Wi-Fi and install malicious malware. The second is to create a so-called “evil twin” – a fake, unprotected Wi-Fi hotspot with an unsuspicious name like “Guest Wi-Fi” or “Free Hotel Wi-Fi” – and steal private information this way.

“To avoid being hacked through hotel Wi-Fi, travelers must take a few steps. First, ask the person at the reception desk to give the exact name and password for the provided Wi-Fi to avoid connecting to an ‘evil twin’ network. Second, use a VPN service to encrypt your data and prevent third parties from intercepting it. Finally, it is always a good idea to enable a firewall while using public Wi-Fi,” says Warmenhoven.

2. USB charger: Use a socket instead

For the convenience of visitors, some hotels install USB charging ports in hotel rooms. This is a tempting way to charge a device, especially if the traveller is coming from a location with a different kind of plug. However, it may introduce the risk of becoming a victim of cybercriminals. Hackers can modify public places’ charging cables to install malware on phones to perform an attack called juice jacking. This type of attack allows hackers to steal users’ passwords, credit card information, address, name, and other data.

3. Smart TV: Stop TV from cyberstalking

With an established connection to local Wi-Fi to allow travellers to access apps and streaming platforms, a smart TV can become a gateway for cybercriminals. Depending on the aim of intruders, a hacked smart TV could be used for a number of cybercrimes: from cyberstalking travellers with built-in microphones or cameras to stealing personal credentials used to log in to apps on smart TV and selling them on the dark web.

Cybersecurity experts advise keeping the smart TV unplugged from power sources when it’s not being used. Covering the webcam and avoiding logging in with personal credentials also mitigates cyber risks.

4. Automatic connections: Disable auto-connections to Wi-Fi, enable security apps

Keeping the automatic connection function disabled helps to mitigate cybersecurity risks on a trip because devices may be surrounded by public and insecure internet connections. Moreover, some travelers leave their smartphone in their hotel room and forget that even if they leave a device disconnected from Wi-Fi, it can automatically turn on, for example, after the hotel staff moves it while cleaning a room. 

Disabling automatic connection is one solution to protect your device. The second is to enable auto-connection to security apps, such as firewalls or VPNs. This way, even if the device connects to Wi-Fi, it remains protected from cybercrimes.

5. Phishing attacks: Be attentive

Unfortunately, complete prevention of cyberattacks can be challenging, especially when it comes to professional hackers aiming for high-value targets. One of the best-known examples is the cyberattack group DarkHotel, which has been known to compromise the Wi-Fi of luxury hotels by combining spear phishing, dangerous malware, and botnet automation designed to capture confidential data.

Because the group seeks out only high-value targets — C-level executives, politicians, representatives from military-related organizations, and pharmaceutical company representatives — phishing emails are tailored to each target and are highly convincing. 

“Effective protection from sophisticated cyberattacks is possible by using trusted VPN and internet security apps as well as regularly updating software. Nevertheless, travellers should always be aware of phishing attacks: Verify the authenticity of suspicious emails and executable files and pay attention to odd spelling. These habits remain valuable during vacation as well as when you return to the office,” concludes Warmenhoven.

Chris Price
For latest tech stories go to TechDigest.tv