Irish hotels warned of wifi security threat

Personal and financial information of users at risk of theft by hackers

Hotels are being warned of security flaws in their guest wifi services which could put the personal and financial information of users at risk.

The warning follows the discovery of cyber security flaws at ten hotels in Ireland by Cork-based IT security company Smarttech.

Smarttech carried out tests on 10 randomly selected hotels, ranging from 3, 4 & 5 star and claims that even a novice internet-hacker would be able to collect everything from email logins, credit card details, Facebook passwords, PayPal account details, of people using the public wifi provided by the venues.

"Consumers need to be aware that if you are accessing public wifi there are serious security challenges," Smarttech chief executive Ronan Murphy said.


He said the flaws were “exceptionally worrying” as customers are almost completely unaware of how dangerous using unencrypted logins and passwords across a public network can be.

The Irish Hotels Federation (IHF) said individual hotels should inform their guests of the type of internet access being provided and the nature of security that is in place.

“End users of wifi services should, for their part, ensure they have appropriate internet security installed on their devices particularly if carrying out commercial transactions online or entering personal data onto web pages,” a spokeswoman said.

Smarttech said the hack test is known as “network sniffer” on the public wifi network and within seconds it shows up a list of devices and grants access.

It said that most public wifi networks share a single internet provider, or IP, subnet and this gives potential hackers the ability to pretend that their laptop or mobile device is the gateway on that subnet.

The company said the tests it conducted between the end of October and the end of November revealed serious vulnerabilities and risks for the users, with Smarttech able to access the email addresses, passwords, call logs, website logins, online banking details and emails within 20 minutes.

Eamon Noonan, director of Dublin-based cyber security academy Digicore, said the industry touts https as being the magic answer in terms of online security.

“It makes circumvention harder in the same way that encryption does but its just another layer.”

“People use tools such as Firesheep to inject themselves into conversations on Facebook and Twitter....hackers can intercept the transmission of data between the sender and receiver.”