The hotel that I sometimes stay in offers either WiFi or cable connection in my room. I know that WiFi can be hacked into, so I always connect via cable. My communications are safe that way, right?
The answer is âno.â Your communication is just as vulnerable when using a hotel cable connection as it would be if you were using WiFi.
This actually was one of the most shocking things that I learned about Internet communications before starting Private Communications Corporation. Like many of you, I was dimly aware about the vulnerability of WiFi . But I assumed that if I plugged directly into the hotelâs network with a cable that I was safe.
This turns out to be false.
To understand why, we have to look back about 35 years. The WiFi Hacking technology used for most in-house networks, called Local Area Networks (LANs), originated back in the mid-1970s at Xeroxâs famous PARC research lab. LANs were designed to be able to share information within an organization, such as a business. It was assumed, then, that everyone on the LAN could basically be trusted, so no security was necessary.
And that fundamental oversight has been carried forward ever since.
That is not a major problem when the LAN is used internally, such as a business. But the same technology is used for hard-wired Internet access in hotels, and that is a serious problem.
Promiscuous Monitoring, ARP Spoofing
There are several ways to hack hotel LANs, but two the two main ones carry the colorful names of âpromiscuous monitoringâ and âARP spoofing.â
Promiscuous monitoring can be used on hotel networks which use a âhubâ configuration, which passes everyoneâs communication thorough the same cable. (Only about 20% of hotels use this technique, but you have no way of knowing whether they do or not.) So all a hacker has to do is turn on an option in his ânetwork interface cardâ to listen âpromiscuously,â and the communications from every hotel guest can be captured and stored on his laptop.
Almost every laptop, whether PC or Mac, has the ability to do this. It only takes a bit of software that, naturally, is readily available on the Internet.
âARP spoofingâ is more insidious yet also more esoteric as it is very difficult for the hotel to protect against. (That is one reason why most hotels actually have two LANs â one for their internal business, the other for guests.)
With ARP spoofing a hacker convinces the network his laptop is actually that central node with the Internet connection, so all the guestâs communications are re-directed to through him. This is called a man-in-the-middle attack. He can store your communication â or even modify it if he wishes â before sending it on to the Internet. Chances are, no one will ever know what happened. At least until the next credit-card billing cycle.