International Travelers Warned of Threats via Hotel Connections – “The Malware Hotel—You can check in, but you can’t check out!”
Frequent travelers are likely all too familiar with the login screens presented in order to register for Internet service when staying at a hotel. When connecting to a hotel Internet connection, it’s common for Web browsers to auto-launch to a specific page that lets a hotel guest self-register for service, even when it’s offered free of charge.
According to an intelligence notice issued by the Internet Crime Complaint Center (IC3) on Tuesday, recent analysis from the FBI and other government agencies has shown that some international hotels have been serving up malicious pop-ups to visiting guests as they attempt to get connected to the Internet, resulting in end users being infected with malware.
“Recently, there have been instances of travelers’ laptops being infected with malicious software while using hotel Internet connections,” the alert stated. “In these instances, the traveler was attempting to set up the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely-used software product. If the user clicked to accept and install the update, malicious software was installed on the laptop.”
The alert did not specify in which countries the threat was seen, or name any specific hotel or hotel chain.
“This warning is targeted to academics and government officials traveling abroad because state-sponsored actors use the malware installed via these networks to steal intellectual property and/or government secrets,” Rob Rachwald, Director of Security Strategy at Imperva, told SecurityWeek.
“There are two obvious scenarios here: either the hotel Internet system was compromised or they had an insider at the hotel who would selectively change the popup,” opined Alex Lanstein, a network/systems architect at FireEye. “I bet they compromised the login system to add the popup.”
Along with the alert, the FBI provided some advice in order to help minimize risk when connecting to the Internet via hotel networks, though the advice can apply when connecting through any public network, such as a coffee shop or airport.
• All government, private industry, and academic personnel who travel abroad should take extra caution before updating software products on their hotel Internet connection.
• Checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor may reveal an attempted attack.
• Travelers should perform software updates on laptops immediately before traveling.
• If possible, download software updates directly from the software vendor’s Web site if updates are necessary while abroad.
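On a Windows laptop, the certificate check in the advice above can be done with PowerShell's built-in `Get-AuthenticodeSignature`. The following is an added example, not part of the IC3 alert or this article; the function name `Test-UpdateSigner`, the file path and the publisher name are hypothetical placeholders.

```powershell
# Added example: decide whether a prompted "update" was signed by the vendor you expect.
function Test-UpdateSigner {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,              # installer the pop-up delivered
        [Parameter(Mandatory)] [string] $ExpectedPublisher  # signer name known from a trusted copy
    )

    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $cert   = $sig.SignerCertificate
    $signer = $null
    if ($cert) {
        # Simple name of the certificate subject (normally the CN, i.e. the publisher)
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer   = $cert.GetNameInfo($nameType, $false)
    }

    if ($sig.Status -ne 'Valid') {
        # NotSigned, HashMismatch, NotTrusted, ...: unsigned, altered, or untrusted chain
        $verdict = "REJECT: signature status is $($sig.Status)"
    }
    elseif ($signer -ne $ExpectedPublisher) {
        # A valid signature only proves that someone signed the file. Exact match,
        # not -like, so a name that merely contains the vendor's name does not pass.
        $verdict = "REJECT: validly signed, but by '$signer'"
    }
    else {
        $verdict = 'OK: valid signature from expected publisher'
    }

    [pscustomobject]@{
        File       = $Path
        Status     = $sig.Status
        Signer     = $signer
        Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
        Verdict    = $verdict
    }
}

# Placeholder path and publisher name, constructed for illustration only.
Test-UpdateSigner -Path 'C:\Users\traveler\Downloads\update_setup.exe' `
                  -ExpectedPublisher 'Example Vendor, Inc.'
```

The expected publisher name is best recorded before travel from a copy of the software obtained directly from the vendor, so the comparison does not rely on anything the hotel network supplies.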
“Some companies now have policies where employees who travel abroad travel with a disposable laptop (or they go off the grid) to ensure that no IP or secrets available on their machines are stolen,” Rachwald added.
In his words, Rachwald humorously described this scenario as “The Malware Hotel—You can check in, but you can’t check out!”
While this particular alert is focused on hotels located abroad, it’s important to keep in mind that the same scenario could easily occur in the United States or in any country.
The IC3 asks that anyone who believes they have been a target of this type of attack immediately contact their local FBI office and promptly report it to the IC3’s website. The IC3’s complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration.