Hotel Wi-Fi is not always safe. Actually, hotels are considered some of the riskier places to use Wi-Fi because they often lack basic security features. Additionally, hotel Wi-Fi networks are attractive targets for hackers due to the large number of people who use them.
But that doesn’t mean you shouldn’t use the internet in your lodgings. Before you tap connect, take a few precautions to protect your security, such as a VPN download.
Jump to…
Why hotel Wi-Fi isn’t always safe
How do hotel Wi-Fi attacks work?
What are the risks of unsecured hotel Wi-Fi?
How to stay secure on hotel Wi-Fi
How a VPN can protect you on hotel Wi-Fi
Why hotel Wi-Fi isn’t always safe
Hotels make excellent targets for cyber criminals for a couple of reasons. Not only can nefarious actors find a large concentration of potential targets, but the network security can be rudimentary to nonexistent.
Even the FBI has issued warnings on the dangers of using hotel Wi-Fi, pointing out that hotels favor convenience for guests over security measures, especially since there is no specific hotel industry standard for secure Wi-Fi access.
Here are a few reasons hotel Wi-Fi can be especially risky:
- Easy to join. Hotel Wi-Fi is easy to join—especially if there are no credentials required—but that also applies to hackers. Being on the same network as someone with nefarious intentions increases your risks. However, strong encryption would protect against such an attack.
- Crowded digital space. Hackers could more easily attempt a man-in-the-middle attack, which requires physical proximity to the target. The concentration of people in a hotel trying to use the same network gives hackers an advantage.
- Outdated hardware. Many hotels still use outdated routers that lack security updates and use weak encryption. This increases vulnerability for users.
How do hotel Wi-Fi attacks work?
Understanding what a hacker might try to do to someone using hotel Wi-Fi could help you protect yourself. Here are some of the ways an attacker can hack hotel Wi-Fi:
- Evil-twin attack. With this method, criminals create a network with a similar name to the hotel’s network and gain direct access to the computer of any guests who accidentally connect to it.
- Man-in-the-middle attack. In man-in-the-middle attacks, a hacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
- Packet sniffing. This is where a hacker records the packets of data that pass between you and an unsecured Wi-Fi router.
- Router hacking. Perhaps the most devastating attacks possible would involve hacking a hotel’s router. This could give attackers access to information ranging from guests’ credit-card details to keycard systems.
Can hotel Wi-Fi see what you’re doing?
Wi-Fi admins could potentially see what you’re doing if your connection is unencrypted. While they probably won’t be able to read your messages, they might be able to know the sites you visit and how much time you spend on them, while connecting this information back to your room number.
If your connection is encrypted, such as with a VPN, admins will only be able to see packets of encrypted data being sent to the server from a device, but not what the packets contain.
Read more: Wi-Fi router logging
What are the risks of unsecured hotel Wi-Fi?
It’s best to use mobile data instead of hotel Wi-Fi, especially for sensitive tasks. While free hotel Wi-Fi is attractive, it’s an easy target for hackers. Here are some risks of using hotel Wi-Fi:
- Data theft. Hackers can eavesdrop on unencrypted hotel Wi-Fi networks and steal personal information, such as login credentials, credit card numbers, and emails.
- Malware attacks. Attackers can set up fake Wi-Fi networks that mimic the hotel’s real one. If you connect unknowingly, they can install malware on your device remotely.
- Phishing attacks. An attacker can send messages that appear to be from the hotel itself and contain malicious links, tricking you into revealing sensitive information.
- Spying threats. Hotel Wi-Fi admins or hackers can monitor and log the sites you visit and connect them back to you.
How to stay secure on hotel Wi-Fi
Here are a few things you can do to keep yourself secure:
1. Use a VPN to encrypt your traffic
This is simply the easiest way to stay safe on public Wi-Fi. A VPN sends all your online traffic through an encrypted tunnel, so even if someone intercepts your activity, they won’t be able to see any of it.
2. Always confirm the hotel network’s name before connecting
While it might be tempting to connect to the first Wi-Fi name you see when you’re in line to check in, you can avoid fake Wi-Fi networks (set up by hackers) by being 100% sure about the hotel Wi-Fi’s name.
3. Use your phone as a hotspot instead of Wi-Fi
One option is to not use hotel Wi-Fi. If you’re getting data on your phone—admittedly unlikely if you are traveling internationally—you can use it as a Wi-Fi hotspot for other devices such as a laptop. Alternatively, you could use a portable router, which is a small device you carry with you and top up with data as needed using a credit card. You connect to it with a password in the same way you’d use any Wi-Fi network.
These hotspots are harder to attack because they’re moving, and they are less attractive to attackers because there are fewer people using them.
Read more: How to keep your mobile hotspot secure
4. Always keep software up to date
You should be keeping your phone’s operating system up to date whether you’re on public Wi-Fi networks or not. Vulnerabilities are found all the time, some of them posing great risk to your device or privacy. Tech companies constantly release new versions of software that include fixes to these bugs. Keeping your device up to date is a basic way to ensure your online security under any circumstances.
5. Encrypt your data using Tor or other methods
While the easiest way to encrypt your connection is with a VPN, there are other methods. These include using the Tor Browser, which relays and encrypts your traffic three times when you browse, increasing your anonymity. You can also ensure that the sites you visit use HTTPS rather than HTTP, as indicated by a padlock symbol next to the URL. However, these methods won’t protect your whole device, including connections to apps, like a high-quality VPN would.
6. Turn on a firewall
A firewall offers extra security by blocking any suspicious incoming traffic before it can infiltrate your device. However, while computers come with firewall software, mobile phones generally do not.
Read more: The internet is safer now—but a VPN is still essential protection
7. Beware of suspicious links and attachments
Stay on guard when you’re on hotel Wi-Fi. If a strange pop-up appears prompting you to click, it might be an attempt by an attacker to send you malware or intrude on your browsing. That said, you should never click on suspicious links or attachments, even when you’re at home. Always try to verify that the sender is legitimate first and look for misspellings or extra words in URLs that indicate a fake site.
Read more: What is URL phishing?
8. If a public Wi-Fi requires personal details, give fake ones
Public Wi-Fi in airports or cafes might ask for information about you before allowing you to proceed. If this is simply for data collection and not to verify your identity, or if you’re not sure of the purpose, then always try to provide fake information first.
In hotels, it’s more often that your name and room number that are required to verify the user. If it requires any other details, make it up.
How a VPN can protect you on hotel Wi-Fi
The risk with hotel Wi-Fi is the networks tend to have poor security, meaning it’s easy for intruders and hackers to break in and attack users or see what you’re doing online.
The answer is strong encryption, and a VPN app is the easiest way to encrypt your online activity. This means no one can see what you’re doing online and no one can read what you’re transmitting over the internet apart from you and the site, service, or person you’re communicating with. The internet service provider, Wi-Fi admin, and attackers (such as man-in-the-middle attackers) won’t be able to intercept or observe your activity.
You can use a VPN app on your individual devices. However, ExpressVPN’s Aircove Go portable router is designed for uses in places like hotels. Just connect the Aircove Go to your hotel Wi-Fi, and all your devices that connect to the Aircove Go will be protected with full VPN encryption and other benefits, such as a different IP address and features like our ad blocker.
Read more: What does a VPN hide?
FAQ: About hotel Wi-Fi safety
Can you get hacked using hotel Wi-Fi?
Yes, you can get hacked using hotel Wi-Fi, and in fact hotels are considered some of the riskier places to use Wi-Fi. Not only do they often have less-than-secure networks, but they are attractive targets for hackers due to the large number of people who use them. Moreover, it’s not possible for a hotel guest with average technical knowledge to be able to assess the security of the network.
Encrypting your connection with a VPN would go a long way to protecting your data and device.
Do hotels monitor their Wi-Fi?
It’s possible for a Wi-Fi admin to see what you’re doing over hotel Wi-Fi, if your connection is unencrypted. They might be able to see what sites you’re visiting or apps you’re using, and how much time you are spending on each. While it’s impossible to know if someone is actually snooping on traffic, the possibility is worrying enough.
Is it safe to connect your phone to hotel Wi-Fi?
It is safe if you take precautions. The best precaution to take is using a VPN to encrypt your connection. This ensures third parties like the internet service provider, Wi-Fi admin, and attackers are unable to intercept and observe your activity.
What should I do if I need to use hotel Wi-Fi for work?
Make sure that you’ve verified the Wi-Fi network name and password with the hotel. Choosing a network only based on a name that sounds plausible can be risky; someone might have created a fake network as a trap. Also ensure your connection is encrypted. The easiest way to do this is by installing a VPN app. You can now safely use hotel Wi-Fi.
Alternatively, it’s also possible that your company has a business VPN service for connecting to your company servers. But note that a business VPN is designed to protect your company’s security, not the user’s individual privacy.
Is hotel Wi-Fi safe for online banking?
Yes, if you stay alert to warnings. In general, online banking is a safe activity, since all banking websites use encryption and have precautions in place. A man-in-the-middle attacker could attempt to intercept your transmissions, but you would get warnings from your browser. If so, stop your activity immediately. Wait until you get home or switch to mobile data for a safer connection.
Protect your online privacy and security
30-day money-back guarantee
We take your privacy seriously. Try ExpressVPN risk-free.
What is a VPN?
Comments
Can you please clarify how using a VPN will bypass the throttling limitation set by the wifi policy?
While a VPN mainly helps hotel guests by securing their connections, there are certain scenarios where it might improve speeds. It’s possible for a hotel to throttle or even block certain websites, such as popular streaming services, and using a VPN would make it impossible for them to do so.
Good stuff. Now for a more meatier question— what about configurations for unlocked, no-SIM mobile Wi-Fi routers, and\or mobile satellite internet for those hardcore digital nomads who are working high up in the mountains or on a remote island, such as what is found on amazon by TP\-Link and other providers.
This was a good mini-reviewwith some timely suggestions. I used to carry an ethernet cable until I found that using my phone as a “Hot Spot” gave me improved security – for the very reasons you’ve stated. I always use a VPN and thank you for suggesting placing a VPN on our router.