TECHNOLOGY : SECURITY
WI-FI IS INHERENTLY UNSAFE . EVERY SECURITY EXPERT WOULD AGREE , and many of them won ’ t even use public Wi-Fi .
– DOUG RICE , HTNG of them won ’ t even use public Wi-Fi , because the biggest risk is spoofing . [ U . S . hotels ] have no control , and the worst thing is the only control they have had the government just took away .”
Cracking down , or cracking up ? Rice is referring to the FCC sanctioning Marriott for “ deauthorizing ” the wireless hot spots of guests at one of its resort hotels and convention centers . Observers note that for the hotel in question , the jamming of guest hot spots may have been intended to drive paid Wi-Fi usage on-property , but it still made good security sense , too . The FCC disagreed .
“ The Enforcement Bureau has seen a disturbing trend in which hotels and other commercial establishments block wireless consumers from using their own personal Wi-Fi hot spots on the commercial establishment ’ s premises ,” according to the FCC ’ s statement . “ The Bureau is protecting consumers by aggressively investigating and acting against such unlawful intentional interference .”
The FCC stated that no hotel , convention center , commercial establishment or the network operator therein may intentionally block or disrupt personal Wi-Fi hot spots on the premises . First Marriott was fined , then the company fought back with a petition , claiming the blocking was for security purposes , but relented and withdrew in late January .
“ Our intent was to protect personal data in Wi-Fi hotspots for large conferences ,” explains Marriott Global CIO Bruce Hoffmeister in a statement . “ We will not block Wi-Fi signals at any hotel we manage for any reason . We ’ re doing everything we can to promote our customers ’ connectivity ... and we ’ re working with the industry to find security solutions that do not involve blocking our guests ’ use of their Wi-Fi devices .”
No easy solutions If a hotel can ’ t block the creation of myriad hot spots at a property , it needs the technology to safely and securely authenticate all interactions between guest devices and the Wi-Fi network , and insiders say that solution simply doesn ’ t exist at the moment . That is expected to change , however .
“ A guest will actually be able to register their device with the hotel company , and that device can be recognized through its hardware-addressing capabilities and automatically connects to the network ,” Rice says . “ That ’ s still realistically one to three years away from being widespread enough to be usable by a hotel .”
Until then , Rice offers one method hoteliers and guests can use to make sure they don ’ t fall prey to network spoofing : When presented with a hotel network sign-in page , use an incorrect name and / or room number during the process . If the network still allows you to sign on — despite the incorrect info — it ’ s likely not the actual hotel network . “ But that is not practical to teach a guest from a business standpoint ,” Rice concedes .
In addition to the hot-spot vulnerabilities , it now appears routers themselves are problematic . According to a Wired report just released at press time , security firm Cylance has found hundreds of hotels may be in jeopardy due to a firmware authentication weakness in multiple models of ANTlabs ’ InnGate routers . The porous security permits hackers to modify root file systems and potentially distribute malware that can infect guest computers and infiltrate hotel systems such as the PMS , CRS and any other software that accesses the affected routers . Experts recommend that anyone using these routers immediately update the firmware with the manufacturer ’ s security patch .
52 HOTELS May 2015 www . hotelsmag . com