Why DarkHotel is Scaremongering

There has been a massive amount of press recently surrounding the darkhotel virus threat, and how it targets your hotel WiFi business users before disappearing back into the ether, undetected, but with all of your customers' intellectual property.

Before you panic about darkhotel too much, let's put some facts out there:

• Darkhotel is alleged to only target hotels with PMS login authentication (Surname/Room)

• PMS logins are used by only around 5% of hotels as an authentication method.

So, that's reduced the alleged darkhotel threat by 95%, meaning corporate users of the WiFi network are much safer than reported. But wait, let's continue exploring the article, as the following is suggested:

• The virus behind darkhotel waits for users to enter their surname and room number into the hotel WiFi network.

I have the following issues with that statement:

• Users do not enter their details onto the Hotel Network, but rather onto the WiFi provider's secure webpages

• There is no physical link between the hotel network and the guest WiFi network.

• The login pages are hosted in a walled garden, on HTTPS secure SHA256 encrypted pages

• Certificate hacks and redirects are not possible due to the walled garden restricting access to only a small list of IPs before login.

• DNS NAT redirection stops spoof DNS servers from redirecting you elsewhere (as does the walled garden)

• An optional WPA2-secured SSID prevents any snooping of wireless traffic from non-HTTPS sites

Then there’s the way the hotel network is compromised by darkhotel, which is mitigated by the following:

• We've already established that the Guest WiFi network is separate to the Hotel Network

• Switch Port / VLAN isolation stops users accessing the network resources of other devices.

• Wireless Isolation stops associated wireless users accessing each other’s devices

• ICMP Snooping stops rogue DHCP servers dead, so they cannot present false information to guests

• Firewalling in the access points drops all IP traffic routed to private networks

• Rogue Access Point detection quickly highlights unknown devices transmitting the same SSID and can issue de-auths
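
The forwarding rules from the two lists above (walled garden before login, DNS NAT redirection, client isolation, and dropping traffic routed to private networks) can be written down as a single policy function and tested packet by packet. This is an added example, not Airangel's configuration or code; the address ranges, portal hosts and the `decide` function are hypothetical and constructed for illustration.

```python
import ipaddress

# Constructed sample addressing (assumptions, not values from the article).
GUEST_NET = ipaddress.ip_network("10.20.0.0/16")      # guest WiFi clients
PROVIDER_DNS = "203.0.113.53"                         # resolver forced by DNS NAT
WALLED_GARDEN = {"203.0.113.10", "203.0.113.11"}      # pre-login HTTPS portal hosts
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def decide(src, dst, proto, dport, authenticated):
    """Return (action, reason) for one packet arriving from the guest SSID."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in GUEST_NET:
        return ("drop", "not-guest-source")
    # DNS NAT redirection: every query is rewritten to the provider's
    # resolver, whatever server the client (or a spoofer) asked for.
    if dport == 53 and proto in ("udp", "tcp"):
        return ("dnat", PROVIDER_DNS)
    # Wireless / switch-port isolation: guests never reach other guests.
    if d in GUEST_NET:
        return ("drop", "client-isolation")
    # Access point firewall: nothing is routed to private (hotel) networks.
    if any(d in net for net in PRIVATE_NETS):
        return ("drop", "private-destination")
    # Walled garden: before login only the portal hosts on HTTPS are reachable.
    if not authenticated:
        if str(d) in WALLED_GARDEN and proto == "tcp" and dport == 443:
            return ("allow", "walled-garden")
        return ("drop", "pre-login")
    return ("allow", "authenticated")


if __name__ == "__main__":
    # Constructed sample packets: (src, dst, proto, dport, authenticated)
    samples = [
        ("10.20.1.5", "10.20.9.9", "udp", 53, False),     # rogue DNS on guest LAN
        ("10.20.1.5", "10.20.1.9", "tcp", 445, True),     # guest to guest
        ("10.20.1.5", "192.168.1.10", "tcp", 3389, True), # guest to hotel LAN
        ("10.20.1.5", "203.0.113.10", "tcp", 443, False), # portal login page
        ("10.20.1.5", "198.51.100.7", "tcp", 443, False), # internet before login
    ]
    for pkt in samples:
        print(pkt, "->", decide(*pkt))
```

Running the same sample packets against a live guest network's actual rule set is a quick way to confirm that each control in the lists is enforced rather than assumed.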

As you can see, a well installed and supported Hotel WiFi network will afford your guests a far higher degree of security than they likely get from their own corporate office. Whilst the basic advice in the press is well founded (be careful, use secure sites or make use of a VPN), the panic and confusion generated by such misleading articles only continue to spread doubt about the use of what is a valuable, secure and necessary business resource.

Should you have any worries about your (non-Airangel) WiFi network, infrastructure or "darkhotel", please contact us and we'll be more than happy to discuss your security and privacy concerns.

David Riches
Technical Director
Airangel WiFi

