By Chris Denbigh-White

As the CSO of a Security Software company I travel a lot for work. I attend conferences and conduct security briefings across the world. This means that I spend a large amount of time working and ‘connected’ whilst on the move (and I’m not alone).

In today’s digital age, connectivity is a must, even when we’re on the go. Whether it’s for work or leisure, we often rely on hotel Wi-Fi networks to stay connected. However, the convenience of these networks can come at a price if proper security measures aren’t in place. One such crucial security feature is client isolation.

What is Client Isolation ?

Client isolation is a security feature that ensures each device connected to a Wi-Fi network is isolated from other devices on the same network. In simpler terms, it means that when you connect your laptop, smartphone, or tablet to a hotel’s Wi-Fi, your device should only be able to communicate with the internet router and not with other devices connected to the same network.

The Risk of Unsecured Hotel Wi-Fi

Many travellers assume that hotel Wi-Fi networks are secure ( Especially if they have to put in a password to connect! ), but the reality can be quite different. Without proper client isolation, hotel guests may be vulnerable to various security risks:

  1. Device Exposure: Imagine checking into a hotel and connecting to the Wi-Fi network. You might be surprised to see a long list of other guests’ devices displayed on your screen. On a recent trip to Las Vegas I discovered that my laptop which was connected to hotel WiFi was visible to a staggering 4,208 other devices on the network!

This is a common issue in hotels that lack client isolation. These exposed devices could potentially be scanned and exploited by malicious actors, leading to data breaches, identity theft, or other cyberattacks.

  1. Privacy Concerns: When your device can communicate with others on the same network, privacy can be compromised. Guests could inadvertently share files, share sensitive information, or even have their devices accessed without their knowledge or consent. Even without an active compromise, the information broadcasted across the network on non client isolated WiFi is remarkable. From the list of 4,208 devices mentioned earlier I could see things like people’s names, the companies they worked for and how many people had brought their own chromecasts / Firesticks etc.
  2. Network Vulnerabilities: In some cases, hotel Wi-Fi networks are not segmented effectively. This means that devices connected to the guest network might have access to other parts of the hotel’s network, including point-of-sale machines, back-office computers, or even security cameras. Such network segmentation issues can be a goldmine for cybercriminals looking to infiltrate the hotel’s infrastructure.

During a recent trip to a boutique hotel I discovered that the Point of Sale machines (POS) and the restaurant music controller were both accessible from guest WiFi. Whilst network segmentation is a larger infrastructure design issue, client isolation is a great step on the path to better security.

  1. Limited Control: Without client isolation, guests (and hotels themselves) have limited control over network traffic. In a lot of ways, they are at the mercy of the security practices of other guests. This lack of control can put both your data and privacy and the data and privacy of guests at risk.

Why Client Isolation Matters:

  • Protects Guest Privacy: Client isolation helps to ensure that guests’ online activities remain private and secure.
  • Prevents Unauthorised Access: With robust separation, the risk of unauthorised access to devices or data from other network users is significantly reduced.
  • Enhances Network Security: Hotel networks should be designed to protect both guests and the hotel’s infrastructure. Client isolation is a fundamental step in achieving this goal by preventing unauthorised access to sensitive hotel systems.

How to Verify Client Isolation:

Whether you are a hotel guest or a security manager, you can take a few steps to verify if client isolation is in place:

If you are a hotel guest:

Ask the Hotel Staff: Inquire at the front desk or with the hotel’s IT department about the security measures in place for their Wi-Fi network. Specifically, ask about client isolation.

If you are a member of hotel management:

Speak to your Guest Wifi service provider: Many hotels outsource the provision of their guest internet to third party providers. If this is the case then a simple inquiry will enable a conversation to take place around the status of client isolation.

Test the Network: Once connected to the Wi-Fi, try to access other devices on the network. If you can see or communicate with them, it’s a red flag that client isolation may not be implemented correctly.

General advice:

  • Use a VPN: Whilst a VPN will not protect you from being visible to other network users without client isolation in place, it’s always good practice to use a Virtual Private Network (VPN) to encrypt your internet traffic. This adds an extra layer of security to protect your data between your computer and the internet from potential threats.

Conclusion:

Client isolation is not just a technical feature; it’s a fundamental aspect of ensuring the security and privacy of hotel guests. Travellers are becoming more vigilant and are increasingly inquiring about the security measures in place when connecting to hotel Wi-Fi networks. By prioritising client isolation, both hotels and guests can enjoy a safer and more secure online experience, free from some of the risks associated with unsecured networks.