• filter:

"unsecure, open" commercial WiFi

  • Page :
  • 1
  • Text Only
  • Search this Topic »
rated:
Due to employer decisions, I am now a long-term hotel guest. My hotel offers free WiFi. Compared to the hotel I stayed at previously, instead of having internet access upon launching a browser, this one takes me to the hotel's internet portal where I input a password before granting me access to the internet. The password changes weekly.

Concerned about security, I have asked hotel leadership about connecting to the network by wire; unfortunately, this is not possible as the building's original internet infrastructure ran from a modem; even if the circuitry was valid, an ethernet cable plug (RJ45) cannot fit into the wallplate's "Data" port as it is identical to a landline phone port (RJ11?).

Question: What actions, if any, can I take to increase the security of my internet use? I have limited my internet use to emails and browsing, however, I need to perform transactions (i.e. pay bills) on various financial sites. Does the changing password represent the equivalent level of security as plugging my laptop into the wall?

Thank you.

P.S. The "unsecure, open" label is what I observed when I initially searched for available networks. My connection currently reads "connected, open."

Member Summary
Staff Summary
Thanks for visiting FatWallet.com. Join for free to remove this ad.

rated:
You connect via a secure website (padlock?/ "https") when you pay your bills? Then there's nothing else that you need to do
You should also make sure that you are connecting with "https" (secure http) when you access your email

You might also consider buying a VPN to increase your security when the websites do not have this secuirty

rated:
Wifi is almost as secure as wired.
Unless you have the FBI in the next room with a wifi sniffer to read your data, then it's as secure as wired. (and if this is true, you should not be posting on Fatwallet)

Your bigger worry is that that hotel internet has been compromised and to solve that you would use a 'VPN' to scramble the data at the hotel connection side.

All bill pay sites have HTTPS which scrambles the data from your laptop to their site, but a VPN will scramble that you even went to that site in the first place.

That's about it. How much is security worth it to you?

rated:
WiFi is not almost as secured as wired. The signal is available to anyone within reach of it

rated:
Thank you, ellory and forbin4040, for your thoughts. The financial sites I visit do have the lock symbol on my Chrome browser when I log-in, so that much "may" be secure. Any recommendations on a VPN? I've never used one other than being aware of the government requiring personnel to use a government-VPN when checking out laptops for home use. I don't qualify for this as all my transactions are personal, not business.

rated:

rated:
The 'lock' means the data between the browser and the site is encrypted.

As I said, if you have people who are unscrambling your Wifi signal in the air, you have much bigger issues. Those people are on premise and are looking for a particular person. It's not like they can just sit in one location and wait till person 'X' gets there, they have to check all wifi connections.

Now, a better way is to monitor the hotel internet directly. That's how a hacker would get your data, it's better to have a direct connection and a lot less work to unscramble your ip signals.

HOWEVER, even if the Lock is there , the hacker knows you went to 'BankofAmerica.com' and will start paying particular attention to your data stream (Or try to spoof you to a fake 'bofa' site).

That's where a VPN comes in, once you get to the VPN (And the hacker knows you went to a VPN but can't do much about it, including trying to spoof it), then all transactions use the VPN's DNS, and not the hotels. Hence the hacker doesn't know where you went. Except he knows you went to a VPN.
(Yes there are a ton of other things the VPN does, but this is a layman's definition)

rated:
I've seen articles saying that hotel wifi can be very suspect, even if they promise security.

The articles recommend getting your own "hotspot" from a cell phone provider and using that instead of relying on the hotel connection. Can you do that?

(I do understand that having a VPN on the unsecure network would be a lot better than using it with no protections, so I'm not disagreeing with the VPN advice above.  But having your own hotspot might be safer and simpler, if the cellular connection is okay.)

You could also use the VPN with the hotspot,
and use it when there are times that your hotspot is not connecting well and you must use the hotel's wifi,
so it would probably be prudent to subscribe to a VPN now and get that set up on your computer, no matter what you end up doing for your day-to-day internet connection in the hotel.

---
There are hotels that have deliberately scrambled other wireless connections, beyond their own wifi, so people on-site HAD to use the hotel's wifi, but I think there have been some lawsuits about that and they may not be able to do it anymore. 
If it's still legal to do that, before you invest in a hotspot to use on-site, you might ask the hotel if they do anything like that.  I guess you could check out the data signal from your cell phone that you get inside your room, if you will be getting a hotspot from the same provider.

rated:
forbin4040 said:   

As I said, if you have people who are unscrambling your Wifi signal in the air, you have much bigger issues.
 

  But if the hotel network isn't set up very well, they have no need for that.  If it doesn't block peer access, for instance, someone on the same network can browse for any open network shares or ports.  This would be true even if you are connected with a wire.  And yes, plenty of smaller hotels don't know a damn thing about setting up networks, so make some very basic mistakes.

If it does block peer access, someone with some smarts can set up their own WAP and broadcast the hotel's SSID, causing you to sign in to that.  Then you are on their network so they can pretty much capture anything you do.  Once you go to HTTPS sites the data is encrypted, but until then it's all plain text.  Of course this would only be on WiFi and this is harder to do, but it can and does happen.

I agree with the above posts - VPN or cell plan hotspot.

rated:
Again, I want to thank all contributors for providing insight and discussion on my situation. Tracfone is my phone carrier; this limits any possibility for a cellular hotspot. Once my minutes are used up, I intend to switch to Mint SIM as the reigning low-cost U.S. cellular service provider; unfortunately, Mint also does not offer hotspot capability.

After viewing ellory's article, I am interested in Private Internet Access VPN but am unsure of the "Settings" that should be marked in its simple interface
PCMAG Private Internet Access VPN Write-up.

I could just be paranoid, but continuing to connect to a chronically "open" hotel WiFi network to perform personally sensitive transactions 'feels' scary.

rated:
Solomon960 said:   I could just be paranoid, but continuing to connect to a chronically "open" hotel WiFi network to perform personally sensitive transactions 'feels' scary.
 

It's not being paranoid, only prudent.  No need to explain your reasons here. 

Now, if you didn't think there was any sort of security concern with using the "naked" hotel wifi network, THAT would be a problem!

----
Don't use any for-paying-guests "public" computers the hotel might have set up (in the lobby, in the "business area", the breakfast room, whatever) -- especially don't plug in anything of yours to them. Those sorts of machines have often been found to have all sorts of bad stuff installed on them.

----
Speaking of "naked", if your room has a Samsung tv, remember that "off" may not really mean "off". 

rated:
You can also use your cell phone or iPad as a wifi hotspot and connect via that instead.

rated:
minidrag said:   
forbin4040 said:   

As I said, if you have people who are unscrambling your Wifi signal in the air, you have much bigger issues.

  But if the hotel network isn't set up very well, they have no need for that.  If it doesn't block peer access, for instance, someone on the same network can browse for any open network shares or ports.  This would be true even if you are connected with a wire.  And yes, plenty of smaller hotels don't know a damn thing about setting up networks, so make some very basic mistakes.

If it does block peer access, someone with some smarts can set up their own WAP and broadcast the hotel's SSID, causing you to sign in to that.  Then you are on their network so they can pretty much capture anything you do.  Once you go to HTTPS sites the data is encrypted, but until then it's all plain text.  Of course this would only be on WiFi and this is harder to do, but it can and does happen.
 

  As I said, no matter how many Black Hats there are out there, how many will sit at a single hotel wifi and try to get the people who wifi connect.
Now if they are at a conference, then yes I can see why someone wants to seek a particular wifi signal for espionage.

But now , to install into the wired network itself, you can control every computer the wired or the wireless.  No need to monitor the wifi's just monitor all data trail.
Just remember the #1 rule of hacking, keep it simple.  Monitor the whole internet at the source, instead of the little bit of wifi connections.

And as the latest wikileaks proved, even cells are already monitored.

rated:
I've got to disagree 100% with Forbin here. I did professional pen testing and specialized in wireless exploitation for many years. During that time, I spent 1000's of nights in hotels. I was absolutely astounded by the amount of shady wifi networks I came across. With the exception of the security cons, I've never seen anywhere worse. The script kiddie tools have made it so easy that people seem to just be tempted to try. I've seen rogue AP's, fake captive portals, arp poisoning, content injection and all sorts of man-in-the-middle and man-on-the-side attacks. The wired networks aren't much better. It's just too easy for someone to buy a Pineapple and go to town with little or no idea what they are actually doing. Airports are also VERY bad, but hotels are even more sketchy. It didn't even seem to matter what type of neighborhood or the type of hotel. Working for law enforcement, I was in a unique position where I could sometimes go after the offenders, but that was the exception. Most times, you just have to protect yourself. For myself, I took the following steps.

1. NEVER use the provided WiFi connection, EVER.
2. I used a small travel router with VPN support and hard wired into the network.
3. The VPN connected back to my router at home and forwarded traffic to the Internet through my cable modem.
4. I used a micro WIFi AP and connected that to the wired router when I needed WiFi

Alternatively, you can plug in a normal WiFi router to the wired network and surf via Wifi. You would have to install VPN software on your device to tunnel through the hotel network in order to be safe.

If you're technically inclined, you can also build a very nice ToR Pi for under $50.

Lastly, NEVER, EVER, EVER, EVER use the business center computers in a hotel. For fun, take a look at these computers and see what a mess they are. First, do a netstat and check for running services. I've never seen one that wasn't loaded with spyware and trojans. Then, roll over to the "my docs" folder and look inside. Also check the "downloads" folder and browser history. You'll be amazed at what people do on these systems and have no idea they are leaving behind. I've seen tax returns, pay statements, bank statements, medical documents, and of course, all kinds of porn. It's pretty scary what people are doing on those computers with zero clue of how vulnerable they are.

rated:
Well at that point , never connect EVER and always carry your own pocket hotspot.
And yes, you should never use the business center in any place except for possibly printing documents from a tested USB (In case it installs something)

But no matter, people will use the Wifi, and if I was a hacker, I would just place something near the modem and intercept the whole stream. No need to do wifi tricks. (This won't stop people from trying wifi tricks) but hopefully I demonstrated that wired isn't more 'safer' that wireless, because 'real hackers' know to bug the modem instead of hoping someone does something stupid with a free wifi.

rated:
Personally, I'd never under any circumstances EVER stick a USB drive in a business center computer unless I intended to throw it away after the fact. I definitely wouldn't print anything I didn't want to be public.

I'm not sure what you mean by "place something near the modem". Typically a non-employee isn't going to have access to the wiring closet or the office where the main router is. They can do wifi exploitation without even physically being in the same hotel, so the WiFi is by definition easier to exploit than the LAN. They also know most people connnect via WiFi, not the wire, so they go where the fish are. However, if the attacker is hard wired on the network, they probably have access to both feeds. At that point, it's basically the same. They can use arp spoofing to see all the traffic and route things the way they want. In either of those situations, a VPN provides encryption for the traffic and stop the attacker from injecting content. However, it doesn't in any way provide protection against LAN side exploitation. Several times I've detected full on auto-pwn attacks while in the hotel. Port scans happen all the time. Any 14 year old can google how to use Metasploit or Kali and run automated tools. A cheap combination router/firewall/VPN does triple duty in protecting you from several types of threats simultaneously. Also,. it's easy to misconfigure a software VPN. Often times only HTTP traffic is routed by default, leaving all sorts of other network traffic unprotected.

rated:
For what it's worth, the media has been playing up the whole internet privacy thing this week and there is a TON of very bad information going around about VPN's. Non-tech sites are selling them as end-all security solutions and recommending some very bad ones, as well as seriously misrepresenting what they actually do. To make it worse, there have been a lot of new sites popping up as a result, claiming to be VPN's. Some have you install software that doesn't actually do anything, others are outright malware. Be careful about selecting a reputable company. You should also know that even a true VPN is kicking the can down the road as far as privacy goes. Instead of the ISP being the concern, the commercial VPN service now knows who you are and has full access to your data stream. There is nothing at all stopping them from selling your data the same way an ISP could. You have to trust them explicitly.

  • Quick Reply:  Have something quick to contribute? Just reply below and you're done! hide Quick Reply
     
    Click here for full-featured reply.


Disclaimer: By providing links to other sites, FatWallet.com does not guarantee, approve or endorse the information or products available at these sites, nor does a link indicate any association with or endorsement by the linked site to FatWallet.com.

Thanks for visiting FatWallet.com. Join for free to remove this ad.

While FatWallet makes every effort to post correct information, offers are subject to change without notice.
Some exclusions may apply based upon merchant policies.
© 1999-2017