Guest Wi-Fi is no longer a nice-to-have, but as essential to guest experience as clean sheets and a bathroom. In providing this service, however, many hotels are exposing themselves to cyber attack. In a recent engagement, Net Consulting’s team discovered a misconfiguration in a client’s guest Wi-Fi network that enabled us to access their main network and, consequently, control their access doors. With the hotel industry in the spotlight more than ever before, now’s the time to make sure you’re secure.
Data collection is of paramount importance in the hotel industry. The race is on to provide a fully personalised experience that keeps customers coming back, time and time again. More than name, credit card information and address, hotels now want to know which coffee shops their guests buy from, where they like to visit when they’re in town and what music they listen to.
Understanding a customer fully is only possible through the analysis of vast quantities of data, which is becoming easier to collect due to digital transformation and the emergence of hospitality-specific tech. Apps and chatbots gather data seamlessly through customer’s devices, quickly building a digital profile that can be used to deliver an improved experience.
According to research by Samsung, 9/10 guests will expect hotel experiences to be personalised by 2020. Guests are driving this change, flocking towards online services that offer personalised recommendations and reviews, such as as AirBnB and Booking.com. Hotels face no choice other than to modernise, exploiting new technology to ensure that their guests get the service they’re accustomed to elsewhere.
Old dog, new tricks
Digitalisation is certain, but the transition poses a unique set of problems. Digital keys, smart room sensors and guest Wi-Fi are all access points through which a cyber-attack could be launched. As the industry transitions towards full digitalisation, more and more of these access points are being added to legacy systems and being managed by under-trained staff that become weak points.
Each of these points of vulnerability could provide access to a global network holding rich information on vast numbers of hotel guests. With the rewards of exploit so high, it’s no surprise that the news has been filled with recent headlines of hotel chains being breached. The Marriott International attack made headlines most recently, with financial costs estimated to be an eye-watering half a billion US dollars, before considering the damage to reputation which may never be recovered.
Though it maybe be large hotel chains making the news, the risks of digitalisation are shared across the industry. Smaller and independent hotels might not yet have embraced smartphone enabled room access or invested in bespoke apps, but the demand for access to the internet is universal. Wi-Fi access, that underpins and enables digitalisation, is now a basic requirement.
During a recent Net Consulting engagement, we were able to gain control of a client’s electronically controlled access doors through a misconfigured guest Wi-Fi.
If misconfigured or outdated, guest Wi-Fi networks can leave the door open to attackers and the consequences can be severe. During a recent Net Consulting engagement, we were able to gain control of a client’s electronically controlled access doors through a misconfigured guest Wi-Fi. We were able to contain and repair the incident before any damage could be done, but the consequences of a malicious attacker gaining similar access could have been severe.
Digitalisation teething problems are affecting businesses in every field across the world, and increased publicity only makes further attacks more likely. Hotel owners are already in the spotlight, so the time to act is right now. Accept that a breach is likely and take the necessary precautions. Get a pen test. Update your infrastructure. Train your staff.
If you need an independent opinion, get in touch.