How to Bolster Hotel Network Security Using Passpoint

Oct 22, 2020 7:12:00 AM

As Wi-Fi technology evolves, unfortunately, so do hackers. Recently, the FBI issued a public service announcement about the security of hotel Wi-Fi networks. They warn Americans that “accessing sensitive information from hotel Wi-Fi poses an increased security risk over home Wi-Fi networks.” Read on to learn why we believe Passpoint is the future of access network security.

One of the most common security issues on hotel networks are what the FBI calls “evil twin attacks.” In these scenarios, an attacker on property or close by sets up a fake malicious wireless network that uses the same SSID as the main hotel network, such as “Guest Room Access”. When unsuspecting guests connect to the malicious network, the attacker can steal guest information and direct the guest to fake websites. Unfortunately, there is absolutely no way to differentiate whether a network is genuine or a fake “evil twin” network. Even adding WPA2 encryption or implementing a captive portal on your network does nothing to prevent these attacks.

iOS-passpoint-mini-demo

Passpoint, also known as Hotspot 2.0, a relatively new Wi-Fi standard that streamlines network access, is by far the best way to defend against evil twin attacks on hotel networks. Rather than passwords, Passpoint most commonly makes use of profiles that are installed on user devices, like smartphone and laptops. These profiles are long-term credentials that are used to automatically connect to any number of trusted networks associated with that profile.

Passpoint is different from traditional Wi-Fi authentication methods because it allows the client device and the hotel network to exchange information before the device is connected. Without the guest having to do anything, their device can communicate with the hotel network to see if it possesses a credential that the network can use to authenticate the device. For example, a guest could have installed a profile as part of a loyalty program and once the device detects that it can use the installed profile to connect to the network, the credential is used to securely authenticate the device and an encrypted internet connection is enabled on the network. Guest devices will only connect to trusted networks that recognize the profile installed on the device, which prevents those guests from being victims of evil twin attacks.

Beyond enhanced security, Passpoint enables a truly seamless guest experience. Because guests initially download a profile to their device, they are able to then access any brand location using that same profile without the need to authenticate again and again. Tying this authentication technology into a hotel loyalty program makes the experience sing. Learn more about the ElevenOS Passpoint solution.