Hotel hacking center

Posted: January 19, 2015 in Uncategorized

You’ve just checked into your hotel and gotten situated in your room. All that time on the plane has left you feeling a bit out of touch so you head down to the business center to do a quick check of your email. You’re in luck — there’s a free workstation just waiting there for you. You log in to your account, read a few, respond to some, delete some spam, log off and head for the gym feeling that everything is now in order. But is it?

Turns out that the person using that same PC a few hours ago opened an attachment that contained malware that installed itself on the system and has been recording every keystroke entered ever since. Making matters worse, all those email responses, web site addresses, credit card numbers and logins have also been surreptitiously forwarded to someone on the other side of the world who now has everything they need to take over your email, raid your bank account and run up charges on your credit card.

Krebs on Security has a good post on this threat along with a discussion of some preventative measures your hotel could have taken to protect you. The problem is, as the author points out, all of them can potentially be circumvented.

Of course, you could enable all your accounts to use 2-factor (a.k.a. two-step) authentication, where a seemingly random set of numbers is texted to your phone that you then have to enter after entering your account name and password (and you should!), but most people don’t want to be bothered with this extra step, and they are precisely the ones that the bad guys are counting on.

The bottom line is, if you don’t control the system you’re using (and you never do with a public terminal), you really have no idea who else might be listening in so you should consider that anything you type (including your password) is now public information.

The best thing you can do to avoid this scenario is simply to not use public workstations. It may be a pain to lug along your own laptop but it beats the alternative.

Comments
  1. christopherdhecker says:

    Thank you for the interesting and informative post. Public internet terminals definitely are risky, Internet security wise, to use. Someone could attach a hardware keylogger between the keyboard and USB port as well. I always check for this when using a public Internet terminal.

    I have an Internet security blog, http://www.internetsecurity101.net, so am particularly interested in Internet security and privacy issues.

    • I’m glad you found the post useful. You’re right about hardware keyloggers as well. Most people aren’t going to know to check for them nor would they recognize one if they saw them. The software keyloggers are invisible so they are even harder to detect, unless, of course, you control the machine and can install antivirus software.
