When business travelers log on to their hotel's internet network to send data back to their home office, they risk the possibility of data theft. A direct analysis of the networks available to guests in 46 hotels, supplemented by a survey of 147 U.S. hotels, found that a substantial majority of the hotels are not using all the possible tools to maintain their network's security.
The newly released Cornell
hotel study, "Hotel Network Security: A Study of Computer Networks in U.S. Hotels" by Josh Ogle, Erica L. Wagner, and Mark P. Talbert, found that about 20 percent of the 147 hotels surveyed still use simple hub-type systems, which are most vulnerable to hacking. In the first-hand analysis, the study tested the networks of 46 hotels, often without actually being guests of the hotel.
"I visited all 46 of those hotels," said Ogle. "Even with hotels that required authentication, I found helpful employees who got me past that barrier. So, authentication is not as effective as we think, and then I found that of the 39 hotels that offered Wi-Fi connections, only six used encryption to help protect the system." Ogle will explain more of the technical aspects of this part of the hotel internet network study on the popular Security Now! podcast, with hosts Steve Gibson and Leo Laporte in the near future.
Hotel guests' data at risk
"On balance, we were forced to conclude that guests' data transmissions are often at risk when they use a hotel's network," said Wagner. "However, we did find hotels that were paying attention to the security of their guests' data. I should point out that improving security does not have to be costly."
The report concludes with a case study of the W Dallas Victory hotel, which has taken a security step not used by most hotels. "What the W Dallas has done is to set up each node on its network as a virtual local area network, or VLAN," explained Talbert. "By using these VLANs, the hotel has separated each guest's computer in a way that should protect against stolen data. It also gives the hotel greater control over the guest side of the network."