Zimperium's Mobile Security Blog

FBI Warns of Wi-Fi Attacks Targeting Teleworkers at Hotels Due to COVID

FBI Warns of Wi-Fi Attacks Targeting Teleworkers at Hotels Due to COVID

The Federal Bureau of Investigation (FBI) recently issued an announcement encouraging Americans to exercise caution when using hotel wireless networks (Wi-Fi) for telework.

The announcement – in-part – states, “FBI has observed a trend where individuals who were previously teleworking from home are beginning to telework from hotels. US hotels, predominantly in major cities, have begun to advertise daytime room reservations for guests seeking a quiet, distraction-free work environment. While this option may be appealing, accessing sensitive information from hotel Wi-Fi poses an increased security risk over home Wi-Fi networks. 

“Malicious actors can exploit inconsistent or lax hotel Wi-Fi security and guests’ security complacency to compromise the work and personal data of hotel guests. Following good cyber security practices can minimize some of the risks associated with using hotel Wi-Fi for telework.”

Hotels always an issue

Unfortunately, this doesn’t surprise us. Hotels have always been a prime spot for criminals to try to gain access to mobile devices – even at hotels hosting mobile security conferences. 

As smart as mobile devices are, devices search for networks and can inadvertently connect to a spoofed network (if the user has been to the hotel before) or show the spoofed network to the user. Per the FBI note, “Criminals can also conduct an ‘evil twin attack’ by creating their own malicious network with a similar name to the hotel’s network. Guests may then mistakenly connect to the criminal’s network instead of the hotel’s, giving the criminal direct access to the guest’s computer.”

The FBI note goes on to say, “Connecting personal or business devices to the hotel’s wireless network may allow malicious actors to compromise the individual’s device and then access the business network of the guest’s employer. Once the malicious actor gains access to the business network, they can steal proprietary data and upload malware, including ransomware. Cybercriminals or nation-state actors can use stolen intellectual property to facilitate their own schemes or produce counterfeit versions of proprietary products. Cybercriminals can use information gathered from access to company data to trick business executives into transferring company funds to the criminal.”

We are the answer

Our solution – zIPS – the same solution the Department of Defense (DoD) is using to deliver comprehensive Mobile Endpoint Protection (MEP) to the unclassified devices of servicemen and women around the world – will protect and detect these types of network attacks. 

Zimperium, the global leader in mobile device and app security, offers the only real-time, on-device, machine learning-based protection against Android, iOS and Chromebooks threats, including the detection of device, network, phishing and malicious app attacks. 

To learn more

To read the entire FBI announcement, click here. To learn more about how we can help, click here